Update crtd.py
Add the "CT_FLAG_NO_SECURITY_EXTENSION" extension flag value, which allows a template to be made vulnerable to ESC9.
BlWasp authored Jun 26, 2023
1 parent f3e456e commit cc7ceab
Showing 1 changed file with 2 additions and 0 deletions.
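--- a/src/crtd.py
+++ b/src/crtd.py
@@ -17,6 +17,7 @@
 CT_FLAG_ALLOW_PREVIOUS_APPROVAL_KEYBASEDRENEWAL_VALIDATE_REENROLLMENT = 0x00010000
 CT_FLAG_ISSUANCE_POLICIES_FROM_REQUEST = 0x00020000
 CT_FLAG_SKIP_AUTO_RENEWAL = 0x00040000
+CT_FLAG_NO_SECURITY_EXTENSION = 0x00080000
 
 # 2.27 msPKI-Private-Key-Flag Attribute
 CT_FLAG_REQUIRE_PRIVATE_KEY_ARCHIVAL = 0x00000001
@@ -132,6 +133,7 @@
 CT_FLAG_ALLOW_PREVIOUS_APPROVAL_KEYBASEDRENEWAL_VALIDATE_REENROLLMENT: "ALLOW_PREVIOUS_APPROVAL_KEYBASEDRENEWAL_VALIDATE_REENROLLMENT",
 CT_FLAG_ISSUANCE_POLICIES_FROM_REQUEST: "ISSUANCE_POLICIES_FROM_REQUEST",
 CT_FLAG_SKIP_AUTO_RENEWAL: "SKIP_AUTO_RENEWAL",
+CT_FLAG_NO_SECURITY_EXTENSION: "NO_SECURITY_EXTENSION",
 }
 
 MS_PKI_CERTIFICATE_NAME_FLAGS = {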
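Review bot: The new `CT_FLAG_NO_SECURITY_EXTENSION = 0x00080000` line in the first hunk carries no comment, yet it is the one msPKI-Enrollment-Flag bit in this list that weakens certificate-to-account binding: per MS-CRTD it tells the CA to omit the szOID_NTDS_CA_SECURITY_EXT (SID) extension from issued certificates. I would add a comment above it such as `# Security-sensitive: CA omits the szOID_NTDS_CA_SECURITY_EXT SID extension, so strong certificate mapping cannot apply (ESC9)`, so that anyone auditing templates with this module knows the bit should be flagged when set. The string added to the name map in the second hunk is consistent with its neighbours; both the constant list and the dict start outside the visible hunks, so I cannot confirm that 0x00080000 is not already assigned to another name earlier in the file.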
