![]() Were you able to return to the active OWA session without reauthenticating? Step 5: From the address bar, view the browser history and select the OWA session. Step 4: Navigate to another web page (try “cnn.com”). Were you able to return to the active OWA session without reauthenticating?Ĭan you see how easy it would be to forget that you have an active OWA session in the background, especially after you have covered or minimized the window by checking the weather, checking for a flight delay or spent some time checking out YouTube or LinkedIn. Step 2: Navigate to another web page by entering the URL of the page in the address bar of the browser. (Try “”) Note: If you are using RSA or another 2-factor authentication product, you should log on with it active before completing these tests. That will ensure you are seeing the same results as you would in normal usage. This scenario can easily occur to even the most conscientious user who was distracted or wasn’t aware how their actions would leave their OWA session exposed. When a user accesses a new web page without first closing their active OWA session, the next user on that computer can gain unauthorized access to the original user’s account, often with a single click, and without id and password authentication. Test Case 1a: Gaining Access to Outlook Web App without Authentication Simply follow the instructions described in the following usage cases and learn how secure your OWA implementation really is. To help you discover if your Outlook Web implementation is secure, we’ve created a 3-post series that will help you test a number of the more common Outlook Web scenarios that result in publically exposing your organization’s confidential files and documents, as well as active OWA sessions. ![]() Often employees put the company at risk by inadvertently exposing an active Outlook Web session, allowing would be hackers to gain access without authentication. One of these risks relates to the exposure of sensitive corporate information through email and email attachments. Unfortunately, all this increased mobility and flexibility has exposed new security risks for businesses and IT, risks that sophisticated hackers are quick to exploit. Nowadays employees are mobile and constantly connected the traditional work environment has expanded beyond the physical office walls to include coffee shops, airports, and home.
0 Comments
Leave a Reply. |