ESC4 Vulnerable Certificate Template Access Control
ESC4 is possible when certificate templates are misconfigured at the access control level. If a template's Access Control Entries (ACEs) allow unintended or unprivileged Active Directory users to edit the template's security settings, those users can end up holding one of the following permissions:
- Owner
- WriteOwnerPrincipals
- WriteDaclPrincipals
- WritePropertyPrincipals
These permissions enable any domain user to modify any property in the template, which makes the template vulnerable to other Enterprise Security Certificate Attacks.
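
A defensive check for the condition described above, as an added example that is not part of the original page: it parses a template's security descriptor in SDDL form (for instance, an export of the template object's `nTSecurityDescriptor`) and reports principals outside a trusted set that hold the listed permissions. The trusted set, the sample descriptors, the function names, and the inclusion of GenericAll and GenericWrite (which imply the listed rights) are assumptions made for illustration.

```python
import re

# SDDL right codes / access-mask bits for the permissions listed above, plus
# the generic rights that imply them (included here as an assumption).
RISKY = {"WO": (0x00080000, "WriteOwner"), "WD": (0x00040000, "WriteDacl"),
         "WP": (0x00000020, "WriteProperty"), "GA": (0x10000000, "GenericAll"),
         "GW": (0x40000000, "GenericWrite")}
# Assumption: SDDL aliases of trustees expected to manage templates
# (Domain Admins, Enterprise Admins, Local System, Builtin Administrators).
TRUSTED = {"DA", "EA", "SY", "BA"}

def risky_rights(rights):
    """Names of risky rights in an ACE rights field (letter codes or hex mask)."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return [name for bit, name in RISKY.values() if mask & bit]
    codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    return [name for code, (_, name) in RISKY.items() if code in codes]

def audit_template_sddl(sddl, trusted=TRUSTED):
    """Return sorted (trustee, permission) pairs held by untrusted principals."""
    findings = set()
    owner = re.match(r"O:(.+?)(?=G:|D:|S:|$)", sddl)
    if owner and owner.group(1) not in trusted:
        findings.add((owner.group(1), "Owner"))
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)  # DACL only, not SACL
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        ace_type, _flags, rights, obj_guid, _inh, trustee = ace.split(";")[:6]
        if ace_type not in ("A", "OA") or trustee in trusted:
            continue  # only allow ACEs for principals outside the trusted set
        for name in risky_rights(rights):
            # An object GUID limits WriteProperty to a single attribute.
            scoped = name == "WriteProperty" and obj_guid
            findings.add((trustee, name + ("(scoped)" if scoped else "")))
    return sorted(findings)

# Constructed sample descriptors (not taken from a real directory).
SAMPLES = {
    "HardenedTemplate": "O:EAG:EAD:PAI(A;;RPWPWDWO;;;DA)(A;;RPWPWDWO;;;EA)(A;;RP;;;AU)",
    "LooseTemplate": "O:DAG:DAD:PAI(A;;RPWPWDWO;;;DA)(A;;RPWPWD;;;DU)(A;;0x80000;;;AU)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, audit_template_sddl(sddl))
```

Any finding for a broad group such as Domain Users (`DU`) or Authenticated Users (`AU`) is the ESC4 condition; tighten the template ACL so only the intended PKI administrators keep those rights.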