netwrix / pingcastle

PingCastle - Get Active Directory Security at 80% in 20% of the time
https://www.pingcastle.com

Potential Rule Bug in A-CertEnrollChannelBinding #146

Closed atanurelmasoglu closed 1 year ago

atanurelmasoglu commented 2 years ago

Hello Vincent!

While I was analyzing the ruleset for the A-CertEnrollChannelBinding rule, the second condition block checks whether the CESHttps attribute is set or not. Please correct me if I am wrong, but I guess this condition should be done with the CESChannelBindingDisabled attribute.

Could you please take a look at that behaviour?

vletoux commented 2 years ago

Yes, you are correct, this seems like a bug.

Here: https://github.com/vletoux/pingcastle/blob/d2b15aa3e672371d98c769b234da87689456c4ed/Healthcheck/Rules/HeatlcheckRuleAnomalyCertEnrollCB.cs#L32

Referring to computation code here: https://github.com/vletoux/pingcastle/blob/d2b15aa3e672371d98c769b234da87689456c4ed/Healthcheck/HealthcheckAnalyzer.cs#L2307-L2315

vletoux commented 1 year ago

to be closed in version 3