23 matches found
AD/CS Authenticated Web Enrollment Services Module
Authenticates to the AD/CS Web enrollment service and allows the user to query templates and create certificates based on available templates. Module Options msf use auxiliary/admin/http/webenrollmentcert msf auxiliarywebenrollmentcert show actions ...actions... msf auxiliarywebenrollmentcert set...
SUSE CVE-2026-25963
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet's certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...
CVE-2026-25963
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...
EUVD-2026-8828
Fleet: Authorization Bypass in certificate template batch deletion for team administrators...
GHSA-5JVP-M9H4-253H Fleet: Authorization Bypass in certificate template batch deletion for team administrators
Summary A broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Impact Fleet supports certificate templates that are scoped to individual teams. In affected...
Fleet: Authorization Bypass in certificate template batch deletion for team administrators
Summary A broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Impact Fleet supports certificate templates that are scoped to individual teams. In affected...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization through the certificate template batch deletion process. An attacker can remove certificate templates belonging to other teams by supplying arbitrary team identifiers and template IDs to the API endpoint...
CVE-2026-25963
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...
CVE-2026-25963
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...
CVE-2026-25963 Fleet: Authorization Bypass in certificate template batch deletion for team administrators
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...
CVE-2026-25963
Fleet is an open source device management platform. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could let a team administrator delete certificate templates belonging to other teams within the same Fleet instance. The affected flow validat...
CVE-2026-25963 Fleet: Authorization Bypass in certificate template batch deletion for team administrators
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...
CVE-2026-25963 Fleet: Authorization Bypass in certificate template batch deletion for team administrators
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...
PT-2026-22116
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.80.1 Description Fleet’s certificate template deletion API had a broken authorization check. This allowed a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. T...
Metasploit Wrap-Up 08/01/2025
ESC support in Metasploit This week, we're excited to announce that Metasploit users can now detect certificate templates vulnerable to ESC9, ESC10, and ESC16 using the existing ldapescvulnerabletemplate module. In addition, users can now exploit these vulnerable templates with the brand new...
Misconfigured Certificate Template Finder
class MetasploitModule 'Misconfigured Certificate Template Finder', 'Description' = %q This module allows users to query a LDAP server for vulnerable certificate templates and will print these certificates out in a table along with which attack they are vulnerable to and the SIDs that can be used...
Metasploit Weekly Wrap-Up
AD CS certificate templates Our very own Spencer McIntyre has developed a new module that allows for creating, reading, updating and deleting certificate template objects from Active Directory. ESC4 Exploitation These changes notably enables the exploitation of the technique identified as ESC4...
Metasploit Weekly Wrap-Up
ADCS - ESC Vulnerable certificate template finder Our very own Grant Willcox has developed a new module which allows users to query a LDAP server for vulnerable Active Directory Certificate Services AD CS certificate templates. The module will print the detected certificate details, and the attac...
Misconfigured Certificate Template Finder
This module allows users to query a LDAP server for vulnerable certificate templates and will print these certificates out in a table along with which attack they are vulnerable to and the SIDs that can be used to enroll in that certificate template. Additionally the module will also print out a...
Living off the land, AD CS style
Introduction Unless you have been living under a rock for the last year or so, Active Directory Certificate Services AD CS abuse continues to be a hot topic in offensive security, ever since the excellent research released by Will Schroeder @harmj0y and Lee Christensen @tifkin. I, like many, have...