Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability for ESC8 to issue cert on DC template automagically #19747

Open
bwatters-r7 opened this issue Dec 18, 2024 · 0 comments
Open

Add ability for ESC8 to issue cert on DC template automagically #19747

bwatters-r7 opened this issue Dec 18, 2024 · 0 comments
Assignees
@bwatters-r7
Labels
suggestion-feature New feature suggestions

Comments

@bwatters-r7
Copy link
Contributor

If an attacker uses petitpotam and cooerces the machine account to try to log into the relay, we should try and identify that specific login and instead of using the standard machine template, we should issue the DC template.
There are a few ways we can do this- we could try and issue the cert with the DC template and then fall back to the machine template if we fail, or possibly, we just need to check to see if we have access to the DC template, and then issue the cert only if we have access to the template.
@bwatters-r7 bwatters-r7 added the suggestion-feature New feature suggestions label Dec 18, 2024
@bwatters-r7 bwatters-r7 self-assigned this Dec 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bwatters-r7 bwatters-r7

Labels
suggestion-feature New feature suggestions
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bwatters-r7