GMS and blank password security testing.

Is there any documentation that states categorically whether or not a passwordless mailbox can be authenticated to via GMS? If not, is there a client-like tool that I can test GMS logon with without a password?

All ActiveSync clients and tools that I have tried so far require a password be entered on the client side before the tool will attempt to authenticate. Is there one that will test with a null password?

  • 0  

    You should just be able to test basic authentication via curl; below should get you started:

    curl -v -u "user" "https://mail.example.com/Microsoft-Server-ActiveSync"

    Rodney

  • 0 in reply to   

    Thanks for getting me started. The precise command is

    curl -v -k -u domain\\username:password -H "Host:FQDN" --request OPTIONS ht7ps://FQDN/Microsoft-Server-ActiveSync

    Leaving the password off will result in a prompt for password. This can be used interactively on the command line, but does not lend itself to use in scripts.

    Valid examples are: (replace ht7ps with https)

    curl -v -k -u .\\sally:1234 -H "Host:gms.corporate.tld" --request OPTIONS ht7ps://gms.corporate.tld/Microsoft-Server-ActiveSync

    curl -v -k -u .\\sally -H "Host:10.23.45.67" --request OPTIONS ht7ps://10.23.45.67/Microsoft-Server-ActiveSync

    The above command prompts for Sally's password.

    For GMS 24.2, mailboxes with blank passwords cannot be logged into. These login attempts cause the server to return

    HTTP/1.1 401 Unauthorized
    Access is Denied
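
A scriptable form of the check discussed in this thread, added here as an example and not posted by either participant: giving curl `-u "user:"` with a trailing colon sends an explicitly empty password instead of prompting, so an administrator can audit their own mailboxes non-interactively. The function names and the `INSECURE` variable (which mirrors the `-k` used above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit whether mailboxes on your own server accept a blank
# password over ActiveSync. Usage: sh blankpw_check.sh HOST 'user' ['user' ...]

# Map the HTTP status of the OPTIONS request to an audit verdict.
classify_status() {
    case "$1" in
        401) echo "rejected" ;;      # server refused the blank password (expected)
        2??) echo "ACCEPTED" ;;      # blank password authenticated: a finding
        000) echo "no-response" ;;   # curl could not connect or TLS failed
        *)   echo "inconclusive" ;;  # e.g. 403/404/5xx: check the server setup
    esac
}

# Send one OPTIONS request with an explicitly empty password.
# "user:" (trailing colon) stops curl from prompting for a password.
probe_blank_password() {
    host=$1 user=$2
    # INSECURE=1 adds -k (skip certificate checks), as in the thread's commands.
    curl -s -o /dev/null -w '%{http_code}' --max-time 15 \
         ${INSECURE:+-k} \
         -u "${user}:" --request OPTIONS \
         "https://${host}/Microsoft-Server-ActiveSync"
}

# Probe each mailbox; print "user<TAB>status<TAB>verdict"; return 1 on a finding.
audit() {
    host=$1; shift
    rc=0
    for user in "$@"; do
        code=$(probe_blank_password "$host" "$user") || code=${code:-000}
        verdict=$(classify_status "$code")
        printf '%s\t%s\t%s\n' "$user" "$code" "$verdict"
        if [ "$verdict" = "ACCEPTED" ]; then rc=1; fi
    done
    return "$rc"
}

# Only touch the network when a host and at least one mailbox are given.
if [ "$#" -ge 2 ]; then
    audit "$@"
fi
```

Pass account names in single quotes (for example `'.\sally'`) so the shell keeps the backslash; a non-zero exit status means at least one mailbox accepted the blank password.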
