Certify For ESC 3 the 2nd requirement is not evaluated

For ESC 3 the 2nd requirement is not evaluated

Open LuemmelSec opened this issue 3 years ago • 2 comments

When enumerating for ESC 3, the values to meet the 1st group of requirements is taken into consideration and according templates are flagged as vulnerable. However the 2nd set, where the msPKI-RA-Application-Policies property needs to meet the OID=1.3.6.1.4.1.311.20.2.1=Certificate Request Agent is never evaluated.

I updated to OIDs and the find stuff accordingly, to take this into account, and also print out the templates meeting the 2nd group of criteria.

Sep 18 '22 09:09 LuemmelSec

Okay, it somehow mangles the output:

Currently don't know why that is.

Sep 18 '22 09:09 LuemmelSec

Okay, I am mistaken. This is a "problem" that was introduced to the code somewhere back in time. Tried it with the most current original code, and it is the same behavior. When using the BlackHat commit (https://github.com/GhostPack/Certify/commit/2b1530309c0c5eaf41b2505dfd5a68c83403d031), it works like expected: So it is no issue related to my PR.

Sep 18 '22 15:09 LuemmelSec

I'm good with this, are you @leechristensen ?

Oct 24 '22 19:10 HarmJ0y

Certify Certify copied to clipboard

For ESC 3 the 2nd requirement is not evaluated

Certify
Certify copied to clipboard