|Applies To||Microsoft Outlook Web Access (OWA)|
Microsoft Internet Information Server (IIS)
RSA ACE/Agent for Windows
RSA ACE/Agent for Web
|Issue||Microsoft Outlook Web Access allows a different login ID after SecurID authentication|
After authenticating via the ACE/Agent, Outlook Web Access asks for a separate user name and password. You are able to submit a different user name & password combination and gain access to another user's mailbox.
|Resolution||RSA Security has created a hot fix for this issue in both ACE/Agent 4.4.3 and ACE/Agent 5.0. Please contact RSA Technical Support and request the hot fix tst00026841.|
|Legacy Article ID||a10446|