AD Certificate Exploitation: ESC1

This article discusses Active Directory Certificate Services (AD CS) certificate templates and their role in managing digital certificates for users, computers, and services. It highlights vulnerabilities arising from misconfigured templates that can be exploited for privilege escalation.

Affected: Active Directory, Digital Certificate Security, IT Security

Key points:

  • AD CS certificate templates define certificate types, purposes, and parameters.
  • Common certificate templates include User, Computer, Web Enrollment, and Code Signing certificates.
  • Misconfigurations in AD CS can allow unauthorized users to request certificates for high-privilege accounts.
  • Misconfigurations include allowing users to define their Subject Alternative Name (SAN) and issuing certificates without approval.
  • Enumeration and exploitation methods include Certipy-ad, Metasploit, and Certify.exe.
  • Mitigation strategies involve restricting certificate template permissions and enforcing strong cryptography standards.
  • Monitoring certificate issuance and implementing revocation policies are critical for preventing misuse.
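
The template misconfigurations listed above can be audited from each template's directory attributes. The sketch below is an added example, not code from the original article: the attribute names are the AD schema names, `enroll_principals` is a hypothetical pre-resolved list of principals holding Enroll rights, and both templates are constructed sample data.

```python
# Defensive audit: report which ESC1 preconditions a certificate template meets.
ENROLLEE_SUPPLIES_SUBJECT = 0x00000001  # bit in msPKI-Certificate-Name-Flag
PEND_ALL_REQUESTS = 0x00000002          # bit in msPKI-Enrollment-Flag (approval)

# EKU OIDs that let a certificate be used for domain authentication
AUTH_EKUS = {
    "1.3.6.1.5.5.7.3.2": "Client Authentication",
    "1.3.6.1.5.2.3.4": "PKINIT Client Authentication",
    "1.3.6.1.4.1.311.20.2.2": "Smart Card Logon",
    "2.5.29.37.0": "Any Purpose",
}
LOW_PRIV = {"Authenticated Users", "Domain Users", "Domain Computers", "Everyone"}

def esc1_findings(t):
    """Return the ESC1 preconditions this template satisfies."""
    findings = []
    if t.get("msPKI-Certificate-Name-Flag", 0) & ENROLLEE_SUPPLIES_SUBJECT:
        findings.append("requester supplies subject/SAN")
    if not (t.get("msPKI-Enrollment-Flag", 0) & PEND_ALL_REQUESTS):
        findings.append("no manager approval")
    if t.get("msPKI-RA-Signature", 0) == 0:
        findings.append("no authorized signatures required")
    ekus = t.get("pKIExtendedKeyUsage", [])
    # An empty EKU list means the certificate is valid for any purpose.
    if not ekus or AUTH_EKUS.keys() & set(ekus):
        findings.append("authentication-capable EKU")
    if LOW_PRIV & set(t.get("enroll_principals", [])):  # hypothetical field
        findings.append("low-privileged principals can enroll")
    return findings

def is_esc1(t):
    """A template is exposed only when all five preconditions hold together."""
    return len(esc1_findings(t)) == 5

# Constructed sample templates (not taken from any real environment)
SAMPLES = {
    "Constructed-Vulnerable": {
        "msPKI-Certificate-Name-Flag": 0x1, "msPKI-Enrollment-Flag": 0x0,
        "msPKI-RA-Signature": 0, "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"],
        "enroll_principals": ["Domain Users"]},
    "Constructed-Hardened": {
        "msPKI-Certificate-Name-Flag": 0x82000000, "msPKI-Enrollment-Flag": 0x2,
        "msPKI-RA-Signature": 1, "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"],
        "enroll_principals": ["PKI Admins"]},
}

if __name__ == "__main__":
    for name, tmpl in SAMPLES.items():
        status = "ESC1-EXPOSED" if is_esc1(tmpl) else "ok"
        print(f"{name}: {status} {esc1_findings(tmpl)}")
```

Clearing any one of the five conditions on a template, such as requiring approval or removing the requester-supplied subject flag, takes it out of the exposed set.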

Full Story: https://www.hackingarticles.in/ad-certificate-exploitation-esc1/