Skip to main content

Microsoft Windows Active Directory LDAPS Authentication Bypass Vulnerability

Last Update Date: 9 Nov 2011 12:29 Release Date: 9 Nov 2011 5679 Views

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

An elevation of privilege vulnerability exists in Active Directory when configured to use LDAP over SSL (LDAPS). An attacker could exploit this vulnerability by using a previously revoked certificate to authenticate to the Active Directory domain and gain access to network resources or run code under the privileges of a specific authorized user with which the certificate is associated.


Impact

  • Elevation of Privilege

System / Technologies affected

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link