
29 matches found

OSV
added 2026/04/27 8:18 p.m. · 2 views

CLSA-2026-1777321102 Fix CVE(s): CVE-2022-26923, CVE-2022-32743

SECURITY UPDATE: Samba AD DC did not enforce the Validated-DNS-Host-Name write right, allowing an unprivileged authenticated user with machine account write access e.g. SeMachineAccountPrivilege to set the dNSHostName attribute to an arbitrary value, bypassing the MS-ADTS requirement that it matc...

9 CVSS · 7.5 AI score · 0.91596 EPSS
Exploits 9 · References 1

CNNVD
added 2026/04/14 12:0 a.m. · 2 views

Unisys WebPerfect Image Suite Security Vulnerability

Unisys WebPerfect Image Suite is an enterprise document imaging and management system developed by Unisys, Inc. Both versions of Unisys WebPerfect Image Suite 3.0.3960.22810 and 3.0.3960.22604 contain security vulnerabilities. These vulnerabilities stem from the exposure of deprecated .NET Remotin...

10 CVSS · 5.8 AI score · 0.00094 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2015-8349

Malware in sbrugna...

7.5 CVSS · 7.4 AI score · 0.01714 EPSS
Exploits 0 · References 18

CVE
added 2025/06/11 1:15 a.m. · 57 views

CVE-2024-1243

The CVE-2024-1243 entry concerns Wazuh agent for Windows prior to 4.8.0. It states improper input validation can be exploited by an attacker who controls the Wazuh server or agent key to configure the agent to connect to a malicious UNC path, leading to leakage of the machine account NetNTLMv2 ha...

9.5 CVSS · 8.2 AI score · 0.01169 EPSS
Exploits 1 · References 3 · Affected Software 1

Packet Storm
added 2024/08/31 12:0 a.m. · 288 views

Netlogon Weak Cryptographic Authentication

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'windowserror' class MetasploitModule 'Netlogon Weak Cryptographic Authentication', 'Description' = %q A vulnerability exists within the Netlogon authentication...

10 CVSS · 7.7 AI score · 0.9438 EPSS
Exploits 75

Citrix
added 2024/07/13 12:0 a.m. · 2 views

How to Troubleshoot Provisioning Services Server Machine Account Password

This article contains information about troubleshooting the Provisioning Services PVS Server machine account passwords...

6.8 AI score
Exploits 0

Citrix
added 2024/07/13 12:0 a.m. · 2 views

Machine Account Password Fails to Update

While configuring Active Directory machine account password management in the virtual disk file properties, the machine account password expires after the determined value timeout without successfully changing...

7.3 AI score
Exploits 0

OSV
added 2023/10/31 12:15 p.m. · 1 views

CVE-2023-38994

The 'checkuniventionjoinstatus' prometheus monitoring script and other scripts in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuratio...

7.8 CVSS · 5.8 AI score
Exploits 0 · References 4

Prion
added 2023/10/31 12:15 p.m. · 31 views

Default configuration

The 'checkuniventionjoinstatus' prometheus monitoring script and other scripts in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuratio...

4.3 CVSS · 7.8 AI score · 0.0004 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2023/10/31 12:0 a.m. · 2 views

PT-2023-7018 · Univention · Univention Corporate Server

Name of the Vulnerable Software and Affected Versions: Univention Corporate Server UCS versions 5.0-5 Description: The issue is related to the check univention joinstatus prometheus monitoring script, which reveals the LDAP plaintext password of the machine account in the process list. This allow...

7.9 CVSS · 7.6 AI score · 0.0004 EPSS
Exploits 1 · References 10

Cvelist
added 2023/10/31 12:0 a.m. · 12 views

CVE-2023-38994

The 'checkuniventionjoinstatus' prometheus monitoring script and other scripts in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuratio...

7.9 CVSS · 8.2 AI score · 0.0004 EPSS
Exploits 1 · References 4

Kitploit
added 2023/06/24 12:30 p.m. · 19 views

msLDAPDump - LDAP Enumeration Tool

msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the ldap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently. Binding...

7.3 AI score
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:16 a.m. · 0 views

SUSE CVE-2006-1059

The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain...

1.2 CVSS · 6.7 AI score · 0.00456 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:11 a.m. · 1 views

SUSE CVE-2015-8467

The samldbcheckuseraccountcontrolacl function in dsdb/samdb/ldbmodules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass...

7.5 CVSS · 6.8 AI score · 0.01714 EPSS
Exploits 0 · References 8

Penetration Testing Lab
added 2022/01/17 11:25 a.m. · 19 views

Domain Persistence – Machine Account

Machine accounts play a role in red team operations, as in a number of techniques they are utilized for privilege escalation, lateral movement and domain escalation...

4 AI score
Exploits 0

Penetration Testing Lab
added 2022/01/17 11:25 a.m. · 38 views

Domain Persistence – Machine Account

Machine accounts play a role in red team operations, as in a number of techniques they are utilized for privilege escalation, lateral movement and domain escalation...

4 AI score
Exploits 0

Kitploit
added 2021/10/07 11:30 a.m. · 648 views

SpoolSploit - A Collection Of Windows Print Spooler Exploits Containerized With Other Utilities For Practical Exploitation

A collection of Windows print spooler exploits containerized with other utilities for practical exploitation. Summary SpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation. A couple of highly effective methods would be relaying...

8.8 CVSS · 9.3 AI score · 0.94314 EPSS
Exploits 75 · References 8

Citrix
added 2021/03/22 12:0 a.m. · 5 views

Citrix Provisioning "The trust relationship between this workstation and the primary domain failed."

Windows 10 image losing trust relationship to the domain after reboot. Machine account reset from PVS server succeeds; however, the VM still gets the same error after reboot and cannot log in with a domain account...

7.1 AI score
Exploits 0

Gitee
added 2020/10/10 6:21 p.m. · 54 views

Exploit for CVE-2020-1472

PoC exploit for CVE-2020-1472, a Windows ZeroLogon vulnerability. The exploit targets the Netlogon service on a Domain Controller DC and allows an attacker to set an empty password for the DC's machine account. This is achieved by exploiting the vulnerability in the Netlogon service, which allows...

10 CVSS · 7.7 AI score · 0.9438 EPSS
Exploits 75

Metasploit
added 2020/09/23 5:41 p.m. · 661 views

Netlogon Weak Cryptographic Authentication

A vulnerability exists within the Netlogon authentication process where the security properties granted by AES are lost due to an implementation flaw related to the use of a static initialization vector IV. An attacker can leverage this flaw to target an Active Directory Domain Controller and mak...

10 CVSS · 8 AI score · 0.9438 EPSS
Exploits 75