Azure blues: Active Directory Connect has password reset vuln
Attackers can dive out of the cloud to pwn admin passwords
Microsoft is warning sysadmins to check their Azure Active Directory Connect configurations and implement a patch against a credential-handling vulnerability.
The bug's in an Active Directory (AD) feature called password writeback. Azure AD can be configured to copy user passwords back to a local AD environment.
A convenience feature, password writeback is designed to simplify password resets, letting users change their local and cloud passwords simultaneously. It supports resets from Office 365 and allows admins to push a reset from the Azure portal back to on-premises AD.
And if it's misconfigured, Microsoft writes, it can be vulnerable to attackers forcing resets to get access to a user's new password.
“When setting up the permission, an on-premises AD Administrator may have inadvertently granted Azure AD Connect with Reset Password permission over on-premises AD privileged accounts (including Enterprise and Domain Administrator accounts).”
A malicious cloud admin can therefore force resets of on-premises AD accounts – including those of admin-level users – and force the reset to a password of the attacker's choice. That would then get written back to the victim's local environment, and presto, the target's pwned.
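A defender can check for the permission described above by looking for an allow ACE that gives the Azure AD Connect account the Reset Password extended right on privileged accounts. The PowerShell below is an added example, not code from Microsoft or the original article; the account name `CONTOSO\MSOL_0123456789ab` is a constructed placeholder, the function names are hypothetical, and using `adminCount=1` to find privileged accounts is an assumption about the environment.

```powershell
# Added example: audit for Reset Password rights held by the AD Connect account.
Add-Type -AssemblyName System.DirectoryServices
# Schema GUID of the Reset Password (User-Force-Change-Password) extended right
$ResetPassword = [guid]'00299570-246d-11d0-a768-00aa006e0529'

function Find-ResetPasswordAce {
    param(
        [Parameter(Mandatory)] [string] $ConnectorAccount,  # e.g. DOMAIN\account
        [Parameter(Mandatory)] $Access                       # ACEs from an ACL
    )
    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq $ConnectorAccount -and
        $_.ActiveDirectoryRights.HasFlag($extended) -and
        # An empty ObjectType means all extended rights (GenericAll shows up this way)
        ($_.ObjectType -eq $ResetPassword -or $_.ObjectType -eq [guid]::Empty)
    }
}

function Get-ExposedPrivilegedAccount {
    # Live check; needs the RSAT ActiveDirectory module and a domain-joined host.
    param([Parameter(Mandatory)] [string] $ConnectorAccount)
    Import-Module ActiveDirectory
    Get-ADUser -LDAPFilter '(adminCount=1)' | ForEach-Object {
        $acl = Get-Acl -Path "AD:\$($_.DistinguishedName)"
        if (Find-ResetPasswordAce -ConnectorAccount $ConnectorAccount -Access $acl.Access) {
            $_.DistinguishedName   # privileged account the connector can reset
        }
    }
}

# Offline demonstration on constructed ACEs (not real directory data)
$acct = 'CONTOSO\MSOL_0123456789ab'
$id   = [System.Security.Principal.NTAccount]$acct
$sample = @(
    [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $id, 'ExtendedRight', 'Allow', $ResetPassword),   # risky ACE
    [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $id, 'ReadProperty', 'Allow')                     # harmless ACE
)
Find-ResetPasswordAce -ConnectorAccount $acct -Access $sample |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType
```

Any distinguished name returned by `Get-ExposedPrivilegedAccount` is a privileged account whose password the connector account is allowed to reset, which is the condition the advisory asks admins to look for.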
Microsoft has patched the issue in this update to Azure AD Connect. ®