ESC2 Misconfigured Certificate Templates
A variation on the ESC1 attack in which the certificate template is configured with the 'Any Purpose' EKU, or with no EKU at all.
Configuration
To be vulnerable to ESC2, the template must have the following configuration:
- Enabled: True
- Enrollee Supplies Subject: True
- Requires Management Approval: False
- Authorized Signatures Required: 0
- Any Purpose: True, OR Extended Key Usage: False (no EKU configuration)
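
An audit check for the five conditions above, added here as an example and not taken from the original page or from any tool. It assumes the templates were exported from LDAP as dictionaries of their raw attributes (msPKI-Certificate-Name-Flag, msPKI-Enrollment-Flag, msPKI-RA-Signature, pKIExtendedKeyUsage) and that `published` holds the template names a CA actually issues; the template names and values below are constructed sample data.

```python
# Added example: audit for the five ESC2 template conditions listed above.
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1  # bit in msPKI-Certificate-Name-Flag
CT_FLAG_PEND_ALL_REQUESTS = 0x2          # bit in msPKI-Enrollment-Flag (manager approval)
ANY_PURPOSE_OID = "2.5.29.37.0"


def esc2_conditions(tpl, published):
    """Map each condition from the list above to True/False for one template."""
    ekus = tpl.get("pKIExtendedKeyUsage") or []
    # LDAP returns flags as signed 32-bit values, often as strings; int() and
    # Python's two's-complement '&' handle negative values correctly.
    name_flag = int(tpl.get("msPKI-Certificate-Name-Flag", 0))
    enroll_flag = int(tpl.get("msPKI-Enrollment-Flag", 0))
    return {
        "Enabled": tpl["cn"] in published,
        "Enrollee Supplies Subject": bool(name_flag & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT),
        "Requires Management Approval is False": not (enroll_flag & CT_FLAG_PEND_ALL_REQUESTS),
        "Authorized Signatures Required is 0": int(tpl.get("msPKI-RA-Signature", 0)) == 0,
        "Any Purpose or no EKU": ANY_PURPOSE_OID in ekus or not ekus,
    }


def esc2_templates(templates, published):
    """Names of templates that meet every condition, i.e. need remediation."""
    return [t["cn"] for t in templates if all(esc2_conditions(t, published).values())]


# Constructed sample data with hypothetical template names.
PUBLISHED = {"LabAnyPurpose", "LabNoEku", "LabClientAuth", "LabApproval", "LabUpnOnly"}
TEMPLATES = [
    {"cn": "LabAnyPurpose", "msPKI-Certificate-Name-Flag": "1",
     "pKIExtendedKeyUsage": [ANY_PURPOSE_OID]},
    {"cn": "LabNoEku", "msPKI-Certificate-Name-Flag": "1"},
    {"cn": "LabClientAuth", "msPKI-Certificate-Name-Flag": "1",
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"]},  # Client Authentication only
    {"cn": "LabApproval", "msPKI-Certificate-Name-Flag": "1", "msPKI-Enrollment-Flag": "2"},
    {"cn": "LabUnpublished", "msPKI-Certificate-Name-Flag": "1"},
    {"cn": "LabUpnOnly", "msPKI-Certificate-Name-Flag": "-2113929216"},  # bit 0 clear
]

if __name__ == "__main__":
    for name in esc2_templates(TEMPLATES, PUBLISHED):
        print("ESC2 configuration:", name)
```

The check covers only the five conditions listed here; it does not evaluate who holds enrollment rights on the template.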