Open Kirchmeister opened 1 year ago
This is interesting.
Is the attack path you envision:
Thanks for replying. Not sure exactly how you mean point 5. If you are able to request a malicious cert if the flag is set to 1 and the remaining patterns for ESC1 are matching, then you even might be able to request a new cert under 9 in the same way. That whole risk might not exist when the template is set to 9 and is applying to existing legit certs which haven’t been created by a malicious actor, as they initially have been created “clean”. But from the GUI description it looked to me like 9 may allow the escalation as well. I don’t have our prod environment in front of me and I also don’t have a lab environment for some testing.
Hi. I might be wrong and I didn't test it yet, but you are filtering the above setting for a 1 in "Find Templates with Bad Configs". Wouldn't a 9 be equally critical? I mean for renewals, it seems to be locked by this option, but isn't it the same risk for new certs as with a 1?
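
The difference between an equality test and a bit test on the flag values discussed in this thread (1 and 9), as an added example that is not part of the thread or the project's own code. It assumes "the above setting" is the template attribute `msPKI-Certificate-Name-Flag`, whose bits 0x1 (`CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT`) and 0x8 (`CT_FLAG_OLD_CERT_SUPPLIES_SUBJECT_AND_ALT_NAME`) are defined in MS-CRTD; the template names, the sample values and the function name `Get-NameFlagFinding` are constructed for illustration.

```powershell
# Flag bits of msPKI-Certificate-Name-Flag as defined in MS-CRTD.
$EnrolleeSuppliesSubject = 0x1   # CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT
$OldCertSuppliesSubject  = 0x8   # CT_FLAG_OLD_CERT_SUPPLIES_SUBJECT_AND_ALT_NAME

# Constructed sample templates (not read from a real directory).
$templates = @(
    [pscustomobject]@{ Name = 'Sample-BuiltFromAD';       'msPKI-Certificate-Name-Flag' = 0 }
    [pscustomobject]@{ Name = 'Sample-SupplyInRequest';   'msPKI-Certificate-Name-Flag' = 1 }
    [pscustomobject]@{ Name = 'Sample-SupplyPlusRenewal'; 'msPKI-Certificate-Name-Flag' = 9 }
)

function Get-NameFlagFinding {
    param([Parameter(Mandatory)] $Template)

    $flag = [int]$Template.'msPKI-Certificate-Name-Flag'
    [pscustomobject]@{
        Name                    = $Template.Name
        Flag                    = $flag
        # An exact comparison only matches the value 1.
        MatchedByEq1            = ($flag -eq 1)
        # A bit test matches every value that has bit 0x1 set, including 9 (0x1 + 0x8).
        EnrolleeSuppliesSubject = [bool]($flag -band $EnrolleeSuppliesSubject)
        # Bit 0x8 only concerns how renewal requests are built.
        ReusesOldCertSubject    = [bool]($flag -band $OldCertSuppliesSubject)
    }
}

$templates | ForEach-Object { Get-NameFlagFinding -Template $_ } | Format-Table -AutoSize
```

Against a live directory the same function can be fed template objects that expose the `msPKI-Certificate-Name-Flag` property; the other ESC1 conditions mentioned in the thread are not evaluated here.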