Solved

How to fix following OWA / Password Flaw?

Posted on 2010-08-26
5
486 Views
Last Modified: 2012-08-14
Scenario

Employee logs into Webmail, say at a hotel kiosk

Employee selects "private computer" as an option

Employee finishes work and leaves hotel

Employee remembers they left kiosk without logging out

Employee knows that typing "https://web" may or will autocomplete with full TMO Webmail address

Employee suspects (which is true) persistent cookie will show then as logged in.

Employee sets up their laptop, logs into VPN, changes Outlook password.

HOWEVER, Webmail will still show them as logged in, password change on network does not affect current login, at least not in a short period of time.
0
Comment
Question by:Admin_Stooge
5 Comments
 
LVL 26

Expert Comment

by:e_aravind
ID: 33536338
By default the Private logon will have a longer *working/active* hours without refering back to the servers.

As per the URL:
Configuring Forms-Based Authentication for Outlook Web Access
http://technet.microsoft.com/en-us/library/bb123719(EXCHG.80).aspx

Recycle time for authentication key if you use the default time-out value ...for a private logons....4 hours

If you really need to change the values...you can do by registries (is that really needed?)
0
 

Author Comment

by:Admin_Stooge
ID: 33567703
I agree, that aspect is pretty straight forward, I am curious about the password change reference and how it relates
0
 
LVL 32

Accepted Solution

by:
endital1097 earned 500 total points
ID: 34051940
I hope the following helps clear this up for you:
forms-based authentication uses a cookie to store a user's encrypted logon credentials that the Exchange server uses to monitor the activity of OWA sessions. if a session is inactive for too long (defaults are 15 minutes for public and 8 hours for private), the server requires re-authentication.  the initial login into the CAS to authenticate an Outlook Web Access session creates an encrypted cookie used to track user activity. after this initial logon, only the cookie is used for authentication between the client computer and the CAS. the recycle time for authentication is one half of the default time-out value (or 7.5 minutes for public and 4 hours for private). therefore a user can continue to work within OWA for up to four hours before the cookie will become invalid and fail authentication.

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Do i need to Open Port 636 on Domain controller for setting up LDAP 3 29
Exchange Server 2013 crash 3 22
Sonicwall SHA issue 4 30
Exchange Certificate 5 42
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Many people use more than one email account and so it becomes difficult for them to manage them when they use separate accounts,  so, in this article, I have shared an easy way to add Other Mail Accounts in your Google Inbox. It helps to combine all…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question