漏洞标题
N/A
漏洞描述信息
LDAP over SSL(aka LDAPS)在Active Directory、Active Directory应用模式(ADAM)和Active Directory轻量级目录服务(AD LDS)中的实现,不会检查证书撤销列表(CRL),这允许远程验证的用户绕过预期证书限制,利用域账户访问Active Directory资源,aka "LDAPS Authentication Bypass Vulnerability"。
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Microsoft Windows 特权提升漏洞
漏洞描述信息
Microsoft Windows Vista是是美国微软(Microsoft)公司发布的一套操作系统。 Microsoft Windows的Active Directory 中存在一个特权提升漏洞。攻击者可以通过使用以前吊销的证书向 Active Directory 域执行身份验证来利用此漏洞,并获取对网络资源的访问权限,或者使用证书与之相关联的特定授权用户的权限运行代码。
CVSS信息
N/A
漏洞类别
授权问题