Bugtraq: Re: Exchange Server 5.0 POP3 Security Hole

[aleph1 () DFW NET (Aleph One)]

---------- Forwarded message ----------
Article-ID: 08_1997&4298506
Subject: Re: Exchange Server 5.0 POP3 Security Hole
From: "Jim Reitz" <jimre () exchange microsoft com>
Date: Wed, 27 Aug 1997 09:08:39 -0700
Message-ID: <uJ$a4Ows8GA.170 () uppssnewspub04 moswest msn net>
Newsgroups: microsoft.public.exchange.admin


Yep - I checked and it looks like the article has not yet propagated to the
external servers. I'm told this should happen sometime today. In the
meantime, here are the relevant registry keys from the article:

MORE INFORMATION
================
The credentials cache is controlled by the following registry values:

HKLM\System\CurrentControlSet\Services
    \MsExchangeIs\ParametersNetIf
    \Credentials Cache Age Limit                  (Default  = 120 minutes)

HKLM\System\CurrentControlSet\Services
    \MsExchangeIs\ParametersNetIf
    \Credentials Cache Idle Limit                  (Default = 15 minutes)

HKLM\System\CurrentControlSet\Services
     \MsExchangeIs\ParametersNetIf
      \Credentials Cache Size                       (Default = 256 buckets,
to turn off caching, you should set the size = 0)

Sue Mosher [MVP] wrote in message <01bcb2a4$703f2b60$0100007f () mailman>...
> Jim,
>
> That KB article is not posted yet.
>
> --
> Sue Mosher
> Slipstick Systems, Moscow
> FAQs at Exchange Center --  http://www.slipstick.com/exchange



[end of message ... text also available at 
<url:http://www.reference.com/cgi-bin/pn/go.py?choice=message&table=08_1997&mid=4298506&hilit=HOLE+SECURITY> ]