Vulnerabilities > CVE-2017-8613 - Weak Password Recovery Mechanism for Forgotten Password vulnerability in Microsoft Azure Active Directory Connect 1.1.524.0

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
microsoft
CWE-640
nessus

Summary

Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability."

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Password Recovery Exploitation
    An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure. Most of them use only one security question . For instance, mother's maiden name tends to be a fairly popular one. Unfortunately in many cases this information is not very hard to find, especially if the attacker knows the legitimate user. These generic security questions are also re-used across many applications, thus making them even more insecure. An attacker could for instance overhear a coworker talking to a bank representative at the work place and supplying their mother's maiden name for verification purposes. An attacker can then try to log in into one of the victim's accounts, click on "forgot password" and there is a good chance that the security question there will be to provide mother's maiden name. A weak password recovery scheme totally undermines the effectiveness of a strong password scheme.

Nessus

NASL familyWindows
NASL idSMB_KB4033453.NASL
descriptionThe version of Azure Active Directory (AD) Connect installed on the remote Windows host is prior to 1.1.553.0, and the password writeback setting is enabled. It is, therefore, affected by an elevation of privilege vulnerability due to improper permissions being granted when enabling the password writeback setting. An authenticated, remote attacker can exploit this to reset users
last seen2020-06-01
modified2020-06-02
plugin id101113
published2017-06-29
reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/101113
titleMicrosoft Security Advisory 4033453: Vulnerability in Azure AD Connect Could Allow Elevation of Privilege