Project Information #1075
In progress: Project Information #1064: 2025-PenTest
ADCS Web Enrollment Enabled for high-privileged accounts
Start date: 2025-08-01
Due date: 2025-12-31 (25 days overdue)
% Done: 100%
Estimated time:
Description
Enabling ADCS Web Enrollment for high-privileged accounts increases the risk of credential theft, as attackers could exploit web-based vulnerabilities (like MITM or phishing) to intercept or forge certificates. This could lead to privilege escalation and domain compromise if abused for unauthorized authentication.

The following approaches are recommended to mitigate this potential vulnerability.
Enable Extended Protection for Authentication (EPA) on the ADCS Server.
Disable NTLM on the ADCS Server
Enforce SMB and LDAP Signing
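
A read-only way to verify the three mitigations above, added here as an example and not part of the original ticket. It assumes web enrollment is published at the default IIS path `Default Web Site/CertSrv` and that the NTLM and signing settings are applied through the standard policy-backed registry values.

```powershell
# Added example: read-only audit of the three mitigations. Run elevated on the
# AD CS web enrollment host; the LDAP value only exists on domain controllers.
Import-Module WebAdministration

$site    = 'Default Web Site/CertSrv'   # assumption: default web enrollment path
$winAuth = 'system.webServer/security/authentication/windowsAuthentication'
$apphost = 'MACHINE/WEBROOT/APPHOST'

function Get-RegValue([string]$Path, [string]$Name) {
    # $null means the value is absent, i.e. the setting is not configured.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# 1. EPA: tokenChecking is None, Allow or Require; only Require enforces it.
$epa = Get-WebConfigurationProperty -PSPath $apphost -Location $site `
           -Filter "$winAuth/extendedProtection" -Name tokenChecking
if ($epa -isnot [string]) { $epa = $epa.Value }

# 2. NTLM in IIS: 'NTLM' and plain 'Negotiate' both let a client use NTLM;
#    'Negotiate:Kerberos' does not.
$providers = @(Get-WebConfiguration -PSPath $apphost -Location $site `
                   -Filter "$winAuth/providers/add" | ForEach-Object { $_.Value })
$ntlmInIis = @($providers -match '^(NTLM|Negotiate)$')
#    NTLM on the host: RestrictReceivingNTLMTraffic = 2 denies all incoming NTLM.
$ntlmIn = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' `
                       'RestrictReceivingNTLMTraffic'

# 3. Signing: SMB server must require it; LDAPServerIntegrity = 2 requires it.
$smb  = (Get-SmbServerConfiguration).RequireSecuritySignature
$ldap = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
                     'LDAPServerIntegrity'

@(
    [pscustomobject]@{ Check = 'EPA required on CertSrv'; Value = $epa
                       Pass  = ($epa -eq 'Require') }
    [pscustomobject]@{ Check = 'IIS offers no NTLM provider'; Value = ($providers -join ',')
                       Pass  = (($providers.Count -gt 0) -and ($ntlmInIis.Count -eq 0)) }
    [pscustomobject]@{ Check = 'Incoming NTLM denied on host'; Value = $ntlmIn
                       Pass  = ($ntlmIn -eq 2) }
    [pscustomobject]@{ Check = 'SMB signing required'; Value = $smb
                       Pass  = [bool]$smb }
    [pscustomobject]@{ Check = 'LDAP signing required (DC only)'; Value = $ldap
                       Pass  = ($ldap -eq 2) }
) | Format-Table -AutoSize -Wrap
```

The LDAP row reports `False` on a host that is not a domain controller because the value is absent there; run the script on the domain controllers to check it.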


