Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability



A remote URI-redirection vulnerability affects Microsoft Outlook Web Access. This issue occurs because the application fails to properly sanitize URI-supplied data.

An attacker may leverage this issue to carry out convincing phishing attacks against unsuspecting users by causing an arbitrary page to be loaded when the Microsoft Outlook Web Access login form is submitted.

Information

Bugtraq ID: 12459
Class: Input Validation Error
CVE: CVE-2005-0420

Remote: Yes
Local: No
Published: Feb 07 2005 12:00AM
Updated: May 31 2019 10:00PM
Credit: "morning_wood" <[email protected]> is credited with the disclosure of this issue.
Vulnerable: Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2003


Not Vulnerable: Microsoft Exchange Server 2007


Exploit


No exploit is required. The following proofs of concept have been provided:

https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://www.example.net
https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://3221234342/
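
An added example, not part of the original advisory: a log-review check that flags requests to the OWA logon page whose url parameter names a different host, including the decimal-integer host form seen in the second proof of concept. The function names and the sample request list are constructed for illustration; the path and parameter name come from the URLs above.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

LOGON_PATH = "/exchweb/bin/auth/owalogon.asp"  # path taken from the advisory's URLs


def normalize_host(host):
    """Lower-case a host and convert an all-digit (dword) host to dotted-quad form."""
    host = (host or "").lower().rstrip(".")
    if host.isdigit() and int(host) < 2**32:
        return str(ipaddress.IPv4Address(int(host)))
    return host


def redirect_finding(request_url):
    """Return a finding dict if the logon `url` parameter points off-host, else None.

    Covers absolute and scheme-relative targets; relative paths are treated as on-host.
    """
    req = urlsplit(request_url)
    if req.path.lower() != LOGON_PATH:
        return None
    # Match the parameter name case-insensitively.
    params = {k.lower(): v for k, v in parse_qs(req.query).items()}
    values = params.get("url")
    if not values:
        return None
    # Browsers treat backslashes as slashes, so normalize before parsing.
    target = urlsplit(values[0].strip().replace("\\", "/"))
    if not target.netloc:
        return None  # relative path: stays on the OWA host
    dest = normalize_host(target.hostname)
    if dest == normalize_host(req.hostname):
        return None
    return {"owa_host": req.hostname, "raw": values[0], "destination": dest}


# Constructed sample: the two URLs from the advisory plus one same-host request.
SAMPLE_REQUESTS = [
    "https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://www.example.net",
    "https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://3221234342/",
    "https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=https://owa.example.com/exchange/",
]

if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        print(redirect_finding(url) or "ok", "<-", url)
```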

