pingcastle
pingcastle copied to clipboard
Trim DisplaySpecifier path to avoid false positives
Some environments I tested have the DisplaySpecifier string composed by entries separated by comma and space (,
) instead of just comma (,
).
Even if the configuration is accepted by Active Directory and the DisplaySpecifier script is correctly placed in the SYSVOL directory, PingCastle reports it as a vulnerability.
To fix the issue, I just ensure that the script path is trimmed, to avoid spaces messing up with the rule.