Detections
Analytics

Use of Weak Cryptography Algorithms in Active Directory PKI

critical

Language:

Description

Active Directory instances use a public key infrastructure (PKI) for authentication purposes. The various cryptographic algorithms require correct configuration.

Solution

Remove certificates with weak cryptographic properties to prevent attackers from compromising their private key.

See Also

Selecting Algorithms and Key Lengths

Indicator Details

Name: Use of Weak Cryptography Algorithms in Active Directory PKI

Codename: C-PKI-WEAK-CRYPTO

Severity: Critical

Type: Active Directory Indicator of Exposure

Family: Services and Applications

Attacker Known Tools

Lee Chagolla-Christensen: ForgeCert