module
Misconfigured Certificate Template Finder
| Disclosed |
|---|
| 2021-06-17 |
Disclosed
2021-06-17
Description
This module allows users to query a LDAP server for vulnerable certificate
templates and will print these certificates out in a table along with which
attack they are vulnerable to and the SIDs that can be used to enroll in that
certificate template.
Additionally the module will also print out a list of known certificate servers
along with info about which vulnerable certificate templates the certificate server
allows enrollment in and which SIDs are authorized to use that certificate server to
perform this enrollment operation.
Currently the module is capable of checking for certificates that are vulnerable to ESC1, ESC2, ESC3, ESC4,
ESC13, and ESC15. The module is limited to checking for these techniques due to them being identifiable
remotely from a normal user account by analyzing the objects in LDAP.
templates and will print these certificates out in a table along with which
attack they are vulnerable to and the SIDs that can be used to enroll in that
certificate template.
Additionally the module will also print out a list of known certificate servers
along with info about which vulnerable certificate templates the certificate server
allows enrollment in and which SIDs are authorized to use that certificate server to
perform this enrollment operation.
Currently the module is capable of checking for certificates that are vulnerable to ESC1, ESC2, ESC3, ESC4,
ESC13, and ESC15. The module is limited to checking for these techniques due to them being identifiable
remotely from a normal user account by analyzing the objects in LDAP.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.