Hey guys,
So I've been trying to check if there are any password reset links that and end user with a Owa based mailbox account can reset his password ( and this is the Sci-fi part ) only with his username.
I've been hearing some rumors about this from other teams and high-up teams in my company that some users can use this specified link code and just be implementing their usernames.The server is a 2010 version.
And to top it off the this is a public logon, they can do this from home if needed.
It started from an e-mail going around with the link below then someone somehow found another way I guess.
https://webmaildomain.com/ecp/PersonalSettings/Password.aspx or similar ones ( older versions for the 2003 package based server ).
Can such a link exist?