Hillary Clinton isn't the only one who may have had an e-mail security problem. A security researcher has discovered that the Trump Organization's mail servers all run on a version of Microsoft Windows Server that has been out of support for years, with minimal user security. The e-mail servers for Trump's hotels, golf courses and other businesses run on an unpatched version of Windows Server 2003 with Internet Information Server 6—making them a vulnerable target for anyone who might want to gain access to the organization's e-mails.
Security researcher Kevin Beaumont posted the finding on Twitter at 6:00pm on Monday:
Quick update on Trump corp email servers - all internet accessible, single factor auth, no MDM, Win2003, no security patching. pic.twitter.com/nIMTa9UmdL
— Kevin Beaumont (@GossiTheDog) October 17, 2016
Beaumont also found the Trump Organization's Web-based e-mail access page. Until this morning, the Trump Organization allowed Outlook Web Access (OWA) logins from webmail.trumporg.com. Beaumont said he did not attempt to log into the e-mail system.
The page still presents the header for Microsoft Exchange Outlook Web Access, but it does not completely load. However, enough code for the page loads to reveal that the Web front-end is for a March 2015 build of Microsoft Exchange 2007 (SP3 RU16)—a version with a number of known vulnerabilities.
You must login or create an account to comment.