A flaw in Microsoft’s Active Directory (AD) software could allow an attacker to change a victim’s password and, ultimately, access a range of enterprise services.
According to SC Magazine, the attack method could open widely used Microsoft software to unauthorized access. Active Directory, deployed in 95 per cent of all Fortune 1000 companies, enables an older authentication protocol called NTLM by default.
By using a free penetration testing tool, such as WCE or Mimikatz, an attacker could easily steal the NTLM hash from a targeted individual’s device, Tal Be’ery said. With the hash in their possession, a hacker who “forces the client to authenticate to Active Directory using a weaker encryption protocol” could go on to change victims’ passwords and log in to other Microsoft services like Outlook Web Access or Remote Desktop Protocol, he explained.