Active Directory (AD) is among the oldest pieces of software still used in the production environment and can be found in most organizations today. This is despite the fact that its historical security gaps have never been amended. When a user initiates an access request, AD knows how to do one thing only: check if username and password match. If they don't, AD blocks access; if they do, access is granted. But what can AD do if username and password match but are being used by an adversary that has obtained them? Unfortunately, the answer is absolutely nothing.
コメント