active-directory
Safeguard articles tagged "active-directory" — guides, analysis, and best practices for software supply chain and application security.
5 articles
LDAP injection: a technical primer and defense guide
LDAP injection is CWE-90, dates to the same root cause as SQL injection, and still shipped in production software as recently as CVE-2023-0476.
Zerologon: The Netlogon Cryptographic Flaw (CVE-2020-1472) Explained
CVE-2020-1472 let an unauthenticated attacker seize a domain controller in seconds by exploiting an all-zero AES-CFB8 initialization vector. Here's the real mechanism and the fix.
CVE-2026-41089: The Unauthenticated Netlogon RCE That Owns Your Domain Controller
CVE-2026-41089 is a CVSS 9.8 unauthenticated remote code execution flaw in Windows Netlogon: an integer overflow in MS-NRPC handshake parsing leads to a stack overflow on domain controllers, with no credentials or user interaction required.
Windows NTLM Hash Disclosure CVE-2025-24054: The Protocol That Won't Die
CVE-2025-24054 leaks NTLM hashes through .library-ms files with minimal user interaction. Microsoft patched it in April 2025, but exploitation started almost immediately.
LDAP Injection Prevention Guide
LDAP injection attacks manipulate directory service queries to bypass authentication, extract sensitive data, and enumerate user accounts. This guide covers attack techniques and practical defenses for applications using LDAP.