ADCS-ESC1: Misconfigured Certificate Templates Leading to Full Domain Compromise

cobalt.io · GhostShift · 1 day ago · vulnerability
quality 5/10 · average
0 net
AI Summary

ADCS ESC1 is a critical Active Directory Certificate Services misconfiguration where improperly configured certificate templates allow low-privileged users to request certificates on behalf of domain administrators, enabling full domain compromise through privilege escalation.

Tags
active-directory certificate-services adcs esc1 privilege-escalation domain-admin certificate-template misconfig lateral-movement windows
Entities
ADCS ESC1 Active Directory Certificate Services
ADCS-ESC1: Misconfigured Certificate Templates Leading to Full Domain Compromise

Executive Summary

Active Directory Certificate Services (ADCS) ESC1 is a critical misconfiguration that allows attackers with low-privileged domain credentials to escalate to Domain Administrator. This vulnerability exists when certificate templates are improperly configured, allowing users to request certificates on behalf of any domain account, including administrators.

← Back to stories