Date: Mon, 13 Dec 2010 20:16:28 +0100
From: Ansgar Wiechers <>
Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching
	Allows Local Workstation Admins to Temporarily Escalate Privileges
	and Login as Cached Domain Admin Accounts (2010-M$-002)

On 2010-12-13 Andrea Lee wrote:
> A local admin is an admin on one system. The domain admin is an admin
> on all systems in the domain, including mission critical Windows
> servers. With temporary domain admin privs, the local admin could log
> into the AD and change permissions / passwords for another user or
> another user, thus getting full admin rights on all systems for a long
> period of time.

Can he? The OP isn't too clear about this, but it was my understanding
that the local admin can impersonate the cached domain account on the
local machine, but not on the network. In which case your point about
the domain admin being "bigger" from the domain perspective is true, but
is also completely moot, as a local admin could only impersonate another
account with local admin privileges. Which he can do anyway.

Ansgar Wiechers
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
