Skip to content

Horizon3.ai Docs

H3-2023-0009

Horizon3.ai Docs

Home
Quickstart
Quickstart
- Setup NodeZero Host
  Setup NodeZero Host
- Run an Internal Pentest
  Run an Internal Pentest
Portal
Portal
- Test Types
  Test Types
  - Internal Pentest
    
    Internal Pentest
  - External Pentest
    
    External Pentest
    
    Create an Asset Group
    
    Run Asset Discovery
    
    Authorize Assets
    
    Run External Pentest
  - AWS Pentest
    
    AWS Pentest
  - Azure Entra ID
    
    Azure Entra ID
  - AD Password Audit
    
    AD Password Audit
  - Segmentation Test
    
    Segmentation Test
  - Phishing Test
    
    Phishing Test
    
    The NodeZero Phishing Script
  - Rapid Response
    
    Rapid Response
    
    Alerts
    
    Alerts
    
    Rapid Response Activity Cards
    
    Rapid Response Activity Cards
    
    Targeted Tests
    
    Targeted Tests
  - 1-Click Verify
    
    1-Click Verify
- Portal Settings
  Portal Settings
  - Set a Proxy
    
    Set a Proxy
  - Email Notifications
    
    Email Notifications
  - Pentest Templates
    
    Pentest Templates
  - User Management
    
    User Management
  - Client Management
    
    Client Management
  - Single Sign-On (SSO)
    
    Single Sign-On (SSO)
  - IDentity Provider (IdP) Guides
    
    IDentity Provider (IdP) Guides
    
    Azure
    
    Okta
- Features
  Features
  - Attack Configuration
    
    Attack Configuration
    
    Remote Access Tool
  - BloodHound
    
    BloodHound
  - Injecting Credentials
    
    Injecting Credentials
    
    Injecting an AWS Role
    
    Injecting an Azure MFA Credential
  - Schedules
    
    Schedules
  - Co-Branding
    
    Co-Branding
Tripwires
Tripwires
- Getting Started
- Management
- Alerts
- Settings
  Settings
CLI
CLI
- Getting Started
- Guides
  Guides
API
API
- API Reference
  API Reference
Release Notes
Release Notes
- 2024.10
- 2024.09
- 2024.08
- 2024.07
- 2024.06
- 2024.05
- 2024.04
- 2024.03
- 2024.02
- 2024.01
Downloads
Downloads
- NodeZero Host VM (OVA/VHD)
  NodeZero Host VM (OVA/VHD)
  - N0 utility
- Host Check Script
- Splunk App
- Ubuntu Setup Script
Knowledge Base
Knowledge Base
- NodeZero Modules
  NodeZero Modules
  - Cyanide
    
    Cyanide
- Glossary
  Glossary
- Sensitive Data
  Sensitive Data
- Weaknesses
  Weaknesses
- Exposure Score

H3-2023-0009

Kerberos Unconstrained Delegation


Category	`SECURITY_MISCONFIGURATION`
Base Score	`7.1`

Description

An Active Directory Principal (e.g. a User, Machine, or Service Account) can impersonate any unprotected domain principal when connecting to ANY service.

Impact

If an attacker obtains authentication material for the principal with Unconstrained Delegation privileges, the attacker could impersonate a domain administrator on any AD joined device, including Domain Controllers -- leading to domain compromise.

References