Jason
Jason
Confirmed that is the issue! So Certipy said the template is vulnerable to ESC1 (which is true), but Certipy doesn't check that enrollment rights are the same on the CA...
That is correct @Cyb3rC3lt. I'm pretty sure the CA info was presented when I raised the issue, but was still thrown off by templates being marked as vulnerable.
also, are there plans to merge the recent updates to the PortSwigger repo?
I also encountered this but submitted the issue on the pxethiefy repo back in Nov https://github.com/csandker/pxethiefy/issues/6