Reports of Active Directory Vulnerability Allowing DNS Record Spoofs to Steal Secrets

Long-time Slashdot reader jd writes: The Register is reporting that Akamai security researchers have found a way to hack Active Directory and obtain the information stored within it. The researchers go on to say that Microsoft is NOT planning to fix the vulnerability.

From the article:

While the current report doesn't provide technical details or proof-of-concept exploits, Akamai has promised, in the near future, to publish code that implements these attacks called DDSpoof — short for DHCP DNS Spoof.

'We will show how unauthenticated attackers can collect necessary data from DHCP servers, identify vulnerable DNS records, overwrite them, and use that ability to compromise AD domains,' Akamai security researcher Ori David said.

The DHCP attack research builds on earlier work by NetSPI's Kevin Robertson, who detailed ways to exploit flaws in DNS zones.
