Solved

How to fix following OWA / Password Flaw?

Posted on 2010-08-26
Last Modified: 2012-08-14
Scenario

Employee logs into Webmail, say at a hotel kiosk

Employee selects "private computer" as an option

Employee finishes work and leaves hotel

Employee remembers they left kiosk without logging out

Employee knows that typing "https://web" may or will autocomplete with full TMO Webmail address

Employee suspects (which is true) persistent cookie will show them as logged in.

Employee sets up their laptop, logs into VPN, changes Outlook password.

HOWEVER, Webmail will still show them as logged in, password change on network does not affect current login, at least not in a short period of time.
Question by:Admin_Stooge
5 Comments
 

Expert Comment

by:e_aravind
ID: 33536338
By default, the Private logon will have longer *working/active* hours without referring back to the servers.

As per the URL:
Configuring Forms-Based Authentication for Outlook Web Access
http://technet.microsoft.com/en-us/library/bb123719(EXCHG.80).aspx

Recycle time for authentication key if you use the default time-out value ...for a private logons....4 hours

If you really need to change the values...you can do so through the registry (is that really needed?)

Author Comment

by:Admin_Stooge
ID: 33567703
I agree, that aspect is pretty straightforward. I am curious about the password change reference and how it relates.

Accepted Solution

by: endital1097 earned 2000 total points
ID: 34051940
I hope the following helps clear this up for you:
Forms-based authentication uses a cookie to store a user's encrypted logon credentials that the Exchange server uses to monitor the activity of OWA sessions. If a session is inactive for too long (defaults are 15 minutes for public and 8 hours for private), the server requires re-authentication. The initial login into the CAS to authenticate an Outlook Web Access session creates an encrypted cookie used to track user activity. After this initial logon, only the cookie is used for authentication between the client computer and the CAS. The recycle time for authentication is one half of the default time-out value (or 7.5 minutes for public and 4 hours for private). Therefore a user can continue to work within OWA for up to four hours before the cookie will become invalid and fail authentication.

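A simplified model of the behaviour described in the accepted answer, added here as an illustration and not taken from the thread or from Exchange: the password is checked once at logon, later requests are validated against a server-side key only, and that key is recycled at half the private timeout. Assumptions: an HMAC-signed token stands in for the encrypted cookie, only the current key is accepted, and the class, account and secret are constructed for the demo.

```python
import hashlib
import hmac

PRIVATE_TIMEOUT = 8 * 3600           # private-computer timeout from the answer
RECYCLE = PRIVATE_TIMEOUT // 2       # key recycle time: half the timeout (4 h)
MASTER = b"constructed-demo-secret"  # constructed stand-in for server key material


class ToyFbaServer:
    """Simplified model of cookie-only session validation (not Exchange code)."""

    def __init__(self):
        self.passwords = {"alice": "Summer2010"}  # constructed account

    def _key(self, now):
        # Assumption: one key per recycle period; only the current key is accepted.
        epoch = now // RECYCLE
        return hmac.new(MASTER, str(epoch).encode(), hashlib.sha256).digest()

    def login(self, user, password, now):
        # The password is checked only here, at the initial logon.
        if not hmac.compare_digest(self.passwords.get(user, ""), password):
            return None
        tag = hmac.new(self._key(now), user.encode(), hashlib.sha256).hexdigest()
        return f"{user}:{tag}"

    def change_password(self, user, new_password):
        self.passwords[user] = new_password  # updates the directory, not the cookie

    def request(self, cookie, now):
        # Later requests present only the cookie; the password is never consulted.
        user, _, tag = cookie.partition(":")
        good = hmac.new(self._key(now), user.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(tag, good)


def kiosk_scenario():
    srv = ToyFbaServer()
    cookie = srv.login("alice", "Summer2010", now=0)   # logon at the kiosk
    srv.change_password("alice", "N3w-Passw0rd")       # changed later over VPN
    return {
        "old_password_rejected": srv.login("alice", "Summer2010", now=600) is None,
        "cookie_valid_after_change": srv.request(cookie, now=600),
        "cookie_valid_after_recycle": srv.request(cookie, now=RECYCLE + 1),
    }


if __name__ == "__main__":
    print(kiosk_scenario())
```

In this model the kiosk cookie keeps working after the password change and stops only when the server key is recycled, which is why shortening the timeout is the setting that bounds the exposure.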
