# Critical design flaw in Microsoft's Active Directory could allow password change



## TechSocial (Dec 20, 2011)

Microsofts widely used software for brokering network access has a critical design flaw, an Israeli security firm said, but Microsoft contends the issue has been long-known and defenses are in place.

Aorato used public information to craft a proof-of-concept attack that shows how an attacker can change a person's network password, potentially allowing access to other sensitive systems, said Tal Be'ery, its vice president of research.

"The dire consequences we are discussing, that an attacker can change the password, was definitely not known," said Be'ery in a phone interview Tuesday.

About 95 percent of Fortune 500 companies use Active Directory, making the problem highly sensitive, Aorato wrote on its blog.

The companys research focuses on NTLM, an authentication protocol that Microsoft has been trying to phase out for years. All Windows versions older than Windows XP SP3 used NTLM as a default, and newer Windows versions are compatible with it in combination with its successor, Kerberos.


