msPKI-Certificate-Name-Flag check in ESC1-3 could result in false negatives

TrimarcJake / Locksmith

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.

https://github.com/TrimarcJake/Locksmith

Other

768 stars 72 forks source link

msPKI-Certificate-Name-Flag check in ESC1-3 could result in false negatives #122

Closed TrimarcJake closed 1 week ago

TrimarcJake commented 4 months ago

msPKI-Certificate-Name-Flag check in ESC1-3 currently uses a direct comparison (-eq) instead of a bitwise comparison (-band) which could result in false negatives in situations where multiple msPKI-Certificate-Name-Flag bits are enabled.

TrimarcJake commented 1 week ago

Merged in 2024.3.