Open Source and information security mailing list archives
Message-ID: <ae1c8e460601180854v698bf921l@mail.gmail.com>
Date: Wed Jan 18 16:54:46 2006
From: stuartd at gmail.com (Stuart Dunkeld)
Subject: Question for the Windows pros

On 18/01/06, Paul Schmehl <pauls@...allas.edu> wrote:

> What are the risks associated with granting Authenticated Users (AD 2003)
> the Impersonate client after authentication privilege?  I've googled and
> read endlessly repetitive explanations for what the privilege is (most of
> them nearly incomprehensible), but I have yet to find anyone who
> articulates the risks associated with such a change.

"Assigning this privilege to a user allows programs running on behalf
of that user to impersonate a client. Requiring this user right for
this kind of impersonation prevents an unauthorized user from
convincing a client to connect (for example, by remote procedure call
(RPC) or named pipes) to a service that they have created and then
impersonating that client, which can elevate the unauthorized user's
permissions to administrative or system levels." [1]

regards

stuartd

[1] http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/fe1fb475-4bc8-484b-9828-a096262b54ca.mspx
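
One way to check for the grant asked about above, as an added example that is not part of the original message: parse the `[Privilege Rights]` section of a `secedit` user-rights export and flag broad groups holding `SeImpersonatePrivilege` (the constant name for "Impersonate a client after authentication"). The function names, the `$BroadSids` table and the sample export are constructed for illustration.

```powershell
# Added example: audit SeImpersonatePrivilege holders in a secedit export.
# $SampleInf is constructed sample data, not output from a real host.
$SampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6,*S-1-5-11
SeDebugPrivilege = *S-1-5-32-544
'@

# Well-known SIDs of broad groups that include ordinary users.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Hypothetical helper: return the principals listed for SeImpersonatePrivilege.
# secedit writes SIDs with a leading '*'; entries written as account names
# are returned unchanged and are not matched by the SID table above.
function Get-ImpersonateHolders {
    param([string]$InfText)
    foreach ($line in $InfText -split "`r?`n") {
        if ($line -match '^\s*SeImpersonatePrivilege\s*=\s*(.*)$') {
            return @($Matches[1] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }
    }
    return @()
}

# Hypothetical helper: report any broad group that holds the privilege.
function Find-BroadImpersonateGrant {
    param([string]$InfText)
    Get-ImpersonateHolders $InfText |
        Where-Object { $BroadSids.ContainsKey($_) } |
        ForEach-Object { [pscustomobject]@{ Sid = $_; Name = $BroadSids[$_] } }
}

Find-BroadImpersonateGrant $SampleInf | Format-Table -AutoSize

# To check a live host (elevated prompt), export the real policy first:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   Find-BroadImpersonateGrant (Get-Content "$env:TEMP\rights.inf" -Raw)
```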
