[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 232
  • Last Modified:

OUTLOOK EXPRESS - Logon using secure password authentication

Outlook Express 6
Exchange 5.5
Windows NT/Windows2000

I noticed the following today.

If you logon to the domain as userA, open outlook express, create a new profile/account  with a username of USERB and USERB's password.... and under the server section seelct "Logon using secure password authentication" as well as "My server requires authentication"

Then even if your profile was for USERB, userA's email is downloaded into the mailbox.

If you remove the check box from " Logon using secure password authentication" then everthing works as it should, with USERB receiving USERB's email.

If this how it is suppose to work?

it seems like asecurity issue to me.
1 Solution
I think that is how it's supposed to work.

I found some info here:


"When a user tries to log on to Exchange Server with Outlook Express and
Secure Password Authentication, the client will pass the credentials of the
user logged on to the workstation. If the logon works using the Clear Text
option: <NT Domain/NT Account/Alias>, the user will have to change his or
her mailbox alias to the Windows NT account name in order to use Secure
Password Authentication. This is because Secure Password Authentication will
not pass the mailbox alias information. It defaults to <NT DOMAIN\NTACCOUNT>
and Exchange Server assumes the alias to be the Windows NT account."

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now