vletoux
commented
4 months ago Thanks for submitting the PR
However what you see here is just an extract of the full / private Ping Castle code.
In fact the bug was already reported a few months ago and I already made the fix (for the upcoming version to be published soon)
Also the fix proposed is only partial as you can see in my commit that I am fixing another issue.
Some environments I tested have the DisplaySpecifier string composed by entries separated by comma and space (
,) instead of just comma (,).Even if the configuration is accepted by Active Directory and the DisplaySpecifier script is correctly placed in the SYSVOL directory, PingCastle reports it as a vulnerability.
To fix the issue, I just ensure that the script path is trimmed, to avoid spaces messing up with the rule.