View Full Version : M$ Outlook Web Access (OWA)

06-13-2008, 02:08 PM
Does anyones business use this tool? I know a lot of the schools here in the US use it. I found something out about it today that I didn't expect. I was logging into my e-mail with a firefox tool called Tamper Data that allows me to edit POST and GET parameters and I saw my password, it plain text. How many routers, gateways, etc did my password go through, plainly labeled as password with the username also equally labeled? What if there's a packet sniffer anywhere in between. What ever happened to the security idiom that stated that you should never transport an unencrypted password? There are javascript functions for MD5 and SHA1 hashing, why don't they use it?