[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- To: Kurt Dillard <kurtdillard@xxxxxxx>
- Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- From: Luigi Rosa <lists@xxxxxxxxxxxxx>
- Date: Mon, 13 Dec 2010 20:44:46 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kurt Dillard said the following on 13/12/10 20:09:
> So far I agree with Thor. Did I miss something? Has anyone demonstrated
> using the locally cached credentials to access resources across the network?
> So far I haven't seen anything new or interesting in this thread:
Since the procedure involves the disconnection from network, IMHO this "flaw"
only demonstrates that the physical access is equal to the root/Administrator
access.
Ciao,
luigi
- --
/
+--[Luigi Rosa]--
\
You talk like a Minbari, Commander.
Perhaps there was some small wisdom in letting your species survive.
--Neroon, "Legacies"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk0Gd6oACgkQ3kWu7Tfl6ZRGugCfcbXguUKxEoG7pNtr18gWp+gt
rtEAoJhq6+Xg89/dn5vbXL6yjlC/H+nG
=urN/
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/