ADCS ESC8 exploit against HTTPS with empty SSL/TLS cert #323
Unanswered
MinhPham123456789
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi all,
I came across a scenario where a CA has Web Enrollment
However, that CA web server does not have a valid SSL/TLS cert (empty cert).
In that scenario, is the CA server still vulnerable to ESC8? It would be much appreciated if you can provide technical explanation for the answer too.
Thank you all
Beta Was this translation helpful? Give feedback.
All reactions