Tom Gilis

2 exploits Active since Feb 2016

CVE-2016-0049 EXPLOITDB MEDIUM text WRITEUP

Microsoft Windows Kerberos - Authentication Bypass via Crafted KDC

Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."

CVSS 6.2

View Code

CVE-2016-3223 EXPLOITDB HIGH text WRITEUP

Microsoft Windows - Privilege Escalation via Group Policy LDAP Authentication

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain privileges by modifying group-policy update data within a domain-controller data stream, aka "Group Policy Elevation of Privilege Vulnerability."

CVSS 8.1

View Code