Hello ly4k and Certipy team, hope you're doing well.
During a pentest, I encountered a certificate vulnerable to ESC1, ESC2, and ESC3, however, there is no Certificate Authority to use on the -ca flag. There is anything that I can do?
For context, this is my current scenario:
Template Name : EXAMPLECA
Display Name : EXAMPLE CA
Enabled : False
Client Authentication : True
Enrollment Agent : True
Any Purpose : True
...
[!] Vulnerabilities
ESC1 : 'DC.LOCAL\\Authenticated Users' can enroll, enrollee supplies subject and template allows client authentication
ESC2 : 'DC.LOCAL\\Authenticated Users' can enroll and template can be used for any purpose
ESC3 : 'DC.LOCAL\\Authenticated Users' can enroll and template has Certificate Request Agent EKU set
Hello ly4k and Certipy team, hope you're doing well.
During a pentest, I encountered a certificate vulnerable to ESC1, ESC2, and ESC3, however, there is no Certificate Authority to use on the -ca flag. There is anything that I can do?
For context, this is my current scenario: