Bugtraq mailing list archives
Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Mon, 13 Dec 2010 20:32:30 +0100
"Andrea Lee" <andrea () kattrap net> wrote:
I hope I'm not just feeding the troll...
No. You just made a complete fool of yourself.-P Read the initial post again. CAREFULLY. Especially that part about unplugging from the network.
A local admin is an admin on one system. The domain admin is an admin on all systems in the domain, including mission critical Windows servers.
Correct so far.
With temporary domain admin privs,
What are "temporary domain admin privs"? If you meant to say "cached credentials", just use "cached credentials".
the local admin could log into the AD
A local admin (or better: a local user account) CAN'T log into the AD. Only domain user accounts can. Cached credentials are stored for domain accounts only, and are only used when the AD is NOT available during login. They are NEVER used to login to another computer!
and change permissions / passwords for another user or another user, thus getting full admin rights on all systems for a long period of time. Plus whatever havoc might be caused by having the ability to change rights on fileshares to allow the new domain admin to see confidential files.. I would expect that the intent is to use another flaw for a normal user to become a local admin, and then jump to domain admin via this.
You got wrong expectations. And: there is no "jump"!
So yes. In an enterprise environment, the "domain administrator" is "bigger".
GIGO! Stefan [ braindead fullquote removed ]
Current thread:
- Re: Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002), (continued)
- Re: Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002) Stefan Kanthak (Dec 13)
- RE: Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002) Michael Wojcik (Dec 13)
- RE: [Full-disclosure] Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 15)
- Message not available
- Re: [Full-disclosure] Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002) Marsh Ray (Dec 15)
- RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)
- Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Andrea Lee (Dec 13)
- RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)
- RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Kurt Dillard (Dec 13)
- Re: RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) StenoPlasma @ www.ExploitDevelopment.com (Dec 15)
- Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Ansgar Wiechers (Dec 13)
- Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Stefan Kanthak (Dec 15)
- RE: [Full-disclosure] Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily Escalate Privileges andLogin as Cached Domain Admin Accounts (2010-M$-002) David Gillett (Dec 13)
- Re: [Full-disclosure] Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily Escalate Privileges andLogin as Cached Domain Admin Accounts (2010-M$-002) Michael Bauer (Dec 15)