Windows LSA Service LsapGetClientInfo Impersonation Level Check Privilege Escalation

Discussion in 'News Aggregator' started by Packet Storm, 15 Jul 2022.

  1. Packet Storm

    Packet Storm Guest

    On Microsoft Windows, the LsapGetClientInfo API in LSASRV will fallback and directly capture a caller's impersonation token if it fails to impersonate, leading to elevation of privilege if the impersonation level is not checked.

    Continue reading...
     
    #1 Packet Storm, 15 Jul 2022
(You must log in or sign up to post here.)

Share This Page

Loading...