gather/ldap_esc_vulnerable_cert_finder - Disclose when templates are configured to pend requests. #19778

Open
aquinn-r7 opened this issue Dec 30, 2024 · 0 comments
Labels
suggestion-feature New feature suggestions

@aquinn-r7

If we find templates that are configured with the `msPKI-Enrollment-Flag` `CT_FLAG_PEND_ALL_REQUESTS` bit set, all requests will pend unless the administrator approves the CSR. We should note to the user that requests to these templates will pend and not generate certificates ahead of time to reduce noise within the environment.

I may take a look into doing this myself. It should be a fairly easy lift, and should only require observation of the bit setting. If identified, we can raise an alert to the user that requests to the template will fail regardless of vulnerability status.

@aquinn-r7 aquinn-r7 added the suggestion-feature New feature suggestions label Dec 30, 2024
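A sketch of the bit check this issue proposes, as an added example that is not part of the issue or of Metasploit's code. The helper names, the hash-shaped LDAP entries and the sample templates are constructed for illustration; the `0x00000002` value for `CT_FLAG_PEND_ALL_REQUESTS` is the one defined in MS-CRTD.

```ruby
# Added example, not Metasploit code. Helper names and sample data are constructed.
CT_FLAG_PEND_ALL_REQUESTS = 0x00000002 # msPKI-Enrollment-Flag bit (MS-CRTD)

# LDAP hands attribute values back as arrays of strings, and AD encodes 32-bit
# flag fields as signed integers, so normalise to an unsigned value first.
def enrollment_flags(entry)
  raw = Array(entry['msPKI-Enrollment-Flag']).first
  return nil if raw.nil? || raw.to_s.strip.empty?

  Integer(raw.to_s.strip, 10) & 0xFFFFFFFF
rescue ArgumentError
  nil # unparsable value: report as unknown rather than guessing
end

def pends_all_requests?(entry)
  flags = enrollment_flags(entry)
  !flags.nil? && (flags & CT_FLAG_PEND_ALL_REQUESTS) != 0
end

# One note per template: :pending means a CSR will wait for manager approval,
# :issues means the flag is clear, :unknown means the attribute was unreadable.
def pend_notes(entries)
  entries.map do |entry|
    flags = enrollment_flags(entry)
    status = if flags.nil? then :unknown
             elsif pends_all_requests?(entry) then :pending
             else :issues
             end
    { template: Array(entry['cn']).first || '(unnamed)', status: status, flags: flags }
  end
end

# Constructed sample entries, shaped like LDAP search results.
SAMPLE_TEMPLATES = [
  { 'cn' => ['ConstructedUser'],     'msPKI-Enrollment-Flag' => ['41'] },
  { 'cn' => ['ConstructedApproval'], 'msPKI-Enrollment-Flag' => ['42'] },
  { 'cn' => ['ConstructedSigned'],   'msPKI-Enrollment-Flag' => ['-2147483614'] },
  { 'cn' => ['ConstructedNoAttr'] }
].freeze

if __FILE__ == $PROGRAM_NAME
  pend_notes(SAMPLE_TEMPLATES).each do |note|
    shown = note[:flags] ? format('0x%08X', note[:flags]) : 'n/a'
    puts "#{note[:template]}: #{note[:status]} (flags #{shown})"
  end
end
```

The negative sample value exercises the signed-integer case: masked to 32 bits it is `0x80000022`, which still has the pend bit set.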