PKI Spotlight Feature
Real-Time Detection Of PetitPotam (CVE-2021-36942) Vulnerability
PKI Spotlight automatically checks if your MS ADCS environment is vulnerable to the PetitPotam NTLM relay attack (CVE-2021-36942), which could allow an attacker to completely take over an Active Directory Forest.
PKI Spotlight will monitor and alert when:
- NTLM authentication is allowed by the host and by the Certificate Authority Web Enrollment website in IIS
OR when any of the following conditions exist:
- Extended Protection for Authentication (EPA) for Certificate Authority Web Enrollment is disabled
- Extended Protection for Authentication (EPA) for Certificate Enrollment Web Service is disabled
- The Certificate Authority Web Enrollment website in IIS is configured to accept non-TLS connections (HTTP vs HTTPS)
In addition, PKI Spotlight will provide Best Practice Recommendations on:
- Settings for the Web.config file created by the Certificate Enrollment Web Service (CES) role
- How to disable NTLM authentication on Domain Controllers
- How to disable NTLM on any ADCS Servers using Group Policy
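The alert conditions listed above can be evaluated against the IIS configuration of an ADCS server. The following is an added example, not PKI Spotlight's code: it parses a constructed applicationHost.config fragment and applies the same AND/OR logic. The CES location path, the finding names and the `host_allows_ntlm` input (supplied by the caller from host policy) are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed applicationHost.config fragment; paths and values are sample data.
SAMPLE_CONFIG = """<configuration>
 <location path="Default Web Site/CertSrv"><system.webServer><security>
  <access sslFlags="None" />
  <authentication><windowsAuthentication enabled="true">
   <providers><add value="Negotiate" /><add value="NTLM" /></providers>
   <extendedProtection tokenChecking="None" />
  </windowsAuthentication></authentication>
 </security></system.webServer></location>
 <location path="Default Web Site/EXAMPLE-CA_CES_Kerberos"><system.webServer><security>
  <access sslFlags="Ssl" />
  <authentication><windowsAuthentication enabled="true">
   <providers><add value="Negotiate" /></providers>
   <extendedProtection tokenChecking="Require" />
  </windowsAuthentication></authentication>
 </security></system.webServer></location>
</configuration>"""

def site_settings(root, path):
    """Return (ntlm_listed, epa_disabled, tls_required); a missing EPA element means off."""
    loc = next((l for l in root.iter("location") if l.get("path") == path), None)
    if loc is None:
        raise KeyError(f"no <location> for {path!r}")
    win = loc.find(".//windowsAuthentication")
    enabled = win is not None and win.get("enabled", "false").lower() == "true"
    providers = {a.get("value", "").upper() for a in win.iter("add")} if enabled else set()
    epa = win.find("extendedProtection") if enabled else None
    token = epa.get("tokenChecking", "None") if epa is not None else "None"
    access = loc.find(".//access")
    flags = access.get("sslFlags", "None") if access is not None else "None"
    tls_required = "Ssl" in [f.strip() for f in flags.split(",")]
    return "NTLM" in providers, enabled and token == "None", tls_required

def petitpotam_findings(config_xml, host_allows_ntlm, web_enrollment, ces):
    """Apply the page's alert conditions; finding names are hypothetical."""
    root = ET.fromstring(config_xml)
    we_ntlm, we_epa_off, we_tls = site_settings(root, web_enrollment)
    _, ces_epa_off, _ = site_settings(root, ces)
    findings = []
    if host_allows_ntlm and we_ntlm:   # NTLM allowed by host AND by the IIS site
        findings.append("ntlm-allowed")
    if we_epa_off:
        findings.append("epa-disabled-web-enrollment")
    if ces_epa_off:
        findings.append("epa-disabled-ces")
    if not we_tls:                     # site accepts plain HTTP
        findings.append("non-tls-web-enrollment")
    return findings
```

Negotiate can still fall back to NTLM, so a provider list without an explicit NTLM entry does not prove NTLM is unavailable on that site. This check treats `tokenChecking="Allow"` as EPA enabled, although that setting still accepts clients that send no channel binding token.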