Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing Vuln Cert Template check for Domain Computers #224

Open
cmahrl opened this issue Mar 22, 2024 · 1 comment
Open

Missing Vuln Cert Template check for Domain Computers #224

cmahrl opened this issue Mar 22, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@cmahrl
Copy link

cmahrl commented Mar 22, 2024

PingCastle does not report when computers are allowed to enroll for vulnerable certificate templates, so a direct critical path to DA remains undetected. e.g.:

  1. Flag: EnrolleSuppliesSubject
  2. EKU: Client / Server Authentication
  3. Enrolement Rights: Domain Computers
  4. PWN
@JoeDibley JoeDibley added the enhancement New feature or request label Sep 11, 2024
@JoeDibley
Copy link

Hi there, Thanks for reporting this. This specific case is captured by PingCastle but only when the msds-MachineAccountQuota is not set to 0, which makes it even easier to exploit. I think Domain Computers on its own is a valid finding too so I have added this to the backlog for us to implement.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cmahrl @JoeDibley