Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. FIX: Mailboxes can be accessed if the DefaultNetworkCredentials option is selected when you use EWS Managed API to connect to Exchange Server

FIX: Mailboxes can be accessed if the DefaultNetworkCredentials option is selected when you use EWS Managed API to connect to Exchange Server

View products that this article applies to.

Symptoms

You use Exchange Web Services (EWS) Managed API to connect to a coexistence environment of Microsoft Exchange Server 2013 and Microsoft Exchange Server 2010. If you have the DefaultNetworkCredentials option selected, you can access others people's mailboxes and read the message content in those mailboxes.

↑ Back to the top

Cause

This issue occurs when the initial token in the SOAP envelope is ignored during EWS proxy. In this situation, the token is not processed by using permission checking.

↑ Back to the top

Resolution

To fix this issue, install Update Rollup 12 for Exchange Server 2010 Service Pack 3.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

References

Learn about the terminology that Microsoft uses to describe software updates.

↑ Back to the top

Keywords: kbqfe, kbsurveynew, kbnotautohotfix, kbfix, kbexpertiseinter, kb

↑ Back to the top

Article Info
Article ID : 3115809
Revision : 1
Created on : 1/7/2017
Published on : 12/15/2015
Exists online : False
Views : 237