With an incorrect VIP Security Code, LDAP users may be able to access VIP (Outlook Web Access) OWA.
Incorrect path is set in for owaauth.dll (VIP Integration Settings --> Authentication Configuration --> Plugin's URL Configuration)
Do not use the full path of owaauth.dll (for example, C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth\owaauth.dll). Instead, use /owa/auth/owaauth.dll
After making a change, perform an iisreset.