
A Windows Authentication Flaw Allows Deleted/Disabled Accounts to Access Corporate Data

As part of our extensive research on the Kerberos authentication protocol, we found that, contrary to the actual aim of Kerberos and to common sense, disabling an account in a Windows network does not take effect immediately. In fact, because of design considerations, disabled accounts (and the same goes for deleted, expired and locked-out accounts) effectively remain valid for up to 10 hours after they have supposedly been revoked. The consequence? So-called disabled accounts expose the corporation to advanced attackers seeking to gain access to the corporate network. Unfortunately, the traditional security measures we rely on to alert on such misuse, such as logs and SIEM products, lack the visibility needed to contain this type of threat.

More here: http://www.aorato.com/blog/windows-authentication-flaw-allows-deleteddisabled-accounts-access-corporate-data/
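A defender-side illustration of the exposure window described above, written for this page and not taken from the Aorato post: the script correlates account-revocation events in the Windows Security log with later Kerberos service-ticket requests (event 4769) for the same account, and annotates each hit with how long after revocation it occurred and whether it still falls inside the 10-hour ticket lifetime the post cites. The event IDs (4722, 4725, 4726, 4740, 4768, 4769) are real Windows Security event IDs; the dict shape of the events, the function names and the sample events themselves are assumptions constructed for the example.

```python
"""
Added example (not from the Aorato post): flag Kerberos service-ticket
requests made on behalf of an account after that account was disabled,
deleted or locked out. Such requests are the observable trace of a TGT
that the KDC still honours after the account was supposedly revoked.

Assumed input (labelled): Windows Security events already parsed into
dicts with "time" (ISO 8601), "id" (event ID) and "account", plus
"service" for 4769 events. Event IDs used:
  4722 account enabled, 4725 account disabled, 4726 account deleted,
  4740 account locked out, 4768 TGT requested, 4769 service ticket requested.
"""
from datetime import datetime, timedelta

REVOCATION_EVENTS = {4725: "disabled", 4726: "deleted", 4740: "locked out"}
# Ticket lifetime the post attributes to default Kerberos policy; the
# "within_tgt_lifetime" flag assumes the TGT was not renewed.
TICKET_LIFETIME = timedelta(hours=10)

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"time": "2014-07-10T08:02:00", "id": 4768, "account": "jdoe"},
    {"time": "2014-07-10T09:15:00", "id": 4725, "account": "jdoe"},  # disabled here
    {"time": "2014-07-10T11:40:00", "id": 4769, "account": "jdoe", "service": "cifs/fileserver01"},
    {"time": "2014-07-10T17:30:00", "id": 4769, "account": "jdoe", "service": "http/intranet"},
    {"time": "2014-07-10T19:00:00", "id": 4769, "account": "jdoe", "service": "ldap/dc01"},
    {"time": "2014-07-10T10:00:00", "id": 4769, "account": "asmith", "service": "cifs/fileserver01"},
]


def _parse(events):
    """Return events with parsed timestamps, in chronological order."""
    return sorted(
        ({**e, "time": datetime.fromisoformat(e["time"])} for e in events),
        key=lambda e: e["time"],
    )


def find_post_revocation_tickets(events, ticket_lifetime=TICKET_LIFETIME):
    """Return one finding per 4769 issued for an account after its revocation."""
    revoked = {}   # account -> (revocation time, reason)
    last_tgt = {}  # account -> time of the most recent 4768 (TGT issuance)
    findings = []
    for e in _parse(events):
        acct = e["account"]
        if e["id"] == 4768:
            last_tgt[acct] = e["time"]
        elif e["id"] in REVOCATION_EVENTS:
            # keep the earliest revocation so the exposure window is measured from it
            revoked.setdefault(acct, (e["time"], REVOCATION_EVENTS[e["id"]]))
        elif e["id"] == 4722:
            # account re-enabled: later tickets are legitimate again
            revoked.pop(acct, None)
        elif e["id"] == 4769 and acct in revoked:
            rev_time, reason = revoked[acct]
            tgt_time = last_tgt.get(acct)
            findings.append({
                "account": acct,
                "service": e.get("service", "?"),
                "reason": reason,
                "hours_after_revocation": round((e["time"] - rev_time).total_seconds() / 3600, 2),
                "within_tgt_lifetime": tgt_time is not None and e["time"] - tgt_time <= ticket_lifetime,
            })
    return findings


if __name__ == "__main__":
    for f in find_post_revocation_tickets(SAMPLE_EVENTS):
        print(f"{f['account']} ({f['reason']}) -> {f['service']} "
              f"{f['hours_after_revocation']}h after revocation, "
              f"within TGT lifetime: {f['within_tgt_lifetime']}")
```

This only works where 4769 events are collected from every domain controller; a request that never reaches the collector is exactly the visibility gap the post describes. The third sample hit falls outside the 10-hour window measured from the last TGT issuance, which a renewed TGT would explain, so the flag is an annotation rather than a filter.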