lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed Jan 18 17:30:57 2006
From: pauls at utdallas.edu (Paul Schmehl)
Subject: Question for the Windows pros

--On Wednesday, January 18, 2006 16:54:38 +0000 Stuart Dunkeld 
<stuartd@...il.com> wrote:

> On 18/01/06, Paul Schmehl <pauls@...allas.edu> wrote:
>
>> What are the risks associated with granting Authenticated Users (AD 2003)
>> the Impersonate client after authentication privilege?  I've googled and
>> read endlessly repetitive explanations for what the privilege is (most of
>> them nearly incomprehensible), but I have yet to find anyone who
>> articulates the risks associated with such a change.
>
> "Assigning this privilege to a user allows programs running on behalf
> of that user to impersonate a client. Requiring this user right for
> this kind of impersonation prevents an unauthorized user from
> convincing a client to connect (for example, by remote procedure call
> (RPC) or named pipes) to a service that they have created and then
> impersonating that client, which can elevate the unauthorized user's
> permissions to administrative or system levels." [1]
>
I can read.  I need to know, from a practical application standpoint, what 
does this mean.  What are the exposures?

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ