Mode0

``` _ _ _ _ _ _ _ _ _ _ | | | | |_/ |__ | | | | | || | |_____| |_____ | _ ______| | | | |__ | | | .--. .--. .--. /.-. '----------. /.-. '----------. /.-. '----------. \'-' .---'-''-'-' \'-' .--'--''-'-' \'-' .--'--'-''-' '--' '--' '--'

#### Auditing Issues

Technique Name Issue --------- ---- ----- DETECT horse-DC1-CA Auditing is not fully enabled. Current value is 0

#### ESC1 - Misconfigured Certificate Template

Technique Name Issue --------- ---- ----- ESC1 ESC1-Vulnerable HORSE\kari can enroll in this Client Authentication template using a SAN without Manager Approval

#### ESC2 - Misconfigured Certificate Template

Technique Name Issue --------- ---- ----- ESC2 ESC2-Vulnerable NT AUTHORITY\Authenticated Users can request a SubCA certificate without Manager Approval

#### ESC4 - Vulnerable Certificate Template Access Control

Technique Name Issue --------- ---- ----- ESC4 User NT AUTHORITY\Authenticated Users has GenericAll rights on this template ESC4 User HORSE\Domain Users has GenericAll rights on this template

#### ESC5 - Vulnerable PKI Object Access Control

Technique Name Issue --------- ---- ----- ESC5 horse-DC1-CA HORSE\kari has CreateChild, DeleteChild, Self, WriteProperty, DeleteTree, Delete, GenericRead, WriteDacl, WriteOwner rights on this object ESC5 DC1 HORSE\kari has GenericAll rights on this object

#### ESC6 - EDITF_ATTRIBUTESUBJECTALTNAME2

Technique Name Issue --------- ---- ----- ESC6 horse-DC1-CA EDITF_ATTRIBUTESUBJECTALTNAME2 is enabled.

#### ESC8 - HTTP Enrollment Enabled

Technique Name Issue --------- ---- ----- ESC8 horse-DC1-CA HTTP enrollment is enabled.