Managed Service Accounts Dangerous Misconfigurations

high

Description

Managed Service Accounts (MSAs) are the supported way to run Active Directory services without a password that a human manages. An MSA, whether standalone (sMSA, bound to a single host) or group-managed (gMSA, usable from several hosts), has a long, random password that Active Directory generates and rotates automatically, as it does for computer accounts, so a service running under an MSA is not a practical "Kerberoasting" target in the way a service account with an administrator-chosen password is. That protection only holds if the feature is deployed and configured correctly. The current password of a gMSA can be read, in clear text, by every principal granted access in its msDS-GroupMSAMembership attribute (exposed as PrincipalsAllowedToRetrieveManagedPassword), so a broad entry such as Authenticated Users, Domain Users or Domain Computers hands the account to any user or machine in the domain. A gMSA that is also a member of a privileged group turns such a leak into a domain compromise, and an attacker who obtains the KDS root key from a domain controller can derive every gMSA password offline (the GoldenGMSA technique listed under attacker tools below).

Solution

Run services under Managed Service Accounts, preferring gMSAs for anything that runs on more than one host, and harden each one: set PrincipalsAllowedToRetrieveManagedPassword to the specific computer accounts (or a dedicated group of them) that run the service and nothing broader; keep the gMSA out of privileged groups and grant it only the rights the service needs; keep the default 30-day password rotation or shorter; and protect the domain controllers and the KDS root key. Anyone who can read the root key, or who keeps read access to msDS-ManagedPassword, can recover the password again after every rotation, which is the elevation-of-privilege and persistence path this indicator is meant to close.
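The checks and the fix described above, as an added PowerShell example that is not part of the original page or of any vendor tooling: it enumerates every gMSA, decodes msDS-GroupMSAMembership to list who may read the password, flags well-known broad principals and membership of privileged groups, and restricts the retrieval ACL to a named set of hosts. The set of SIDs treated as "broad", the privileged-group RIDs, and the account and group names in the usage lines are assumptions chosen for illustration; the cmdlets are the standard ActiveDirectory RSAT module.

```powershell
# Added example (not from the original page): audit gMSAs for dangerous
# misconfigurations and restrict password retrieval to the intended hosts.
# Requires the ActiveDirectory RSAT module and read access to the gMSA objects.
Import-Module ActiveDirectory

# Principals that must never be allowed to retrieve a gMSA password (assumed list).
$BroadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545'   # BUILTIN\Users
)
$BroadRids = @(513, 515)  # Domain Users, Domain Computers (in any domain)

# Groups whose membership makes a leaked gMSA a domain-wide problem (assumed list).
$PrivilegedGroupRids = @(512, 516, 518, 519, 544)  # Domain Admins, Domain Controllers,
                                                   # Schema Admins, Enterprise Admins, Administrators

function Test-BroadPrincipal {
    param([Parameter(Mandatory)][System.Security.Principal.SecurityIdentifier]$Sid)
    if ($BroadSids -contains $Sid.Value) { return $true }
    $rid = [int](($Sid.Value -split '-')[-1])
    return ($Sid.Value -like 'S-1-5-21-*' -and $BroadRids -contains $rid)
}

function Get-GmsaAudit {
    # One result object per gMSA: who can read its password, and whether it is privileged.
    $accounts = Get-ADServiceAccount -Filter * `
        -Properties 'msDS-GroupMSAMembership', 'msDS-ManagedPasswordInterval', MemberOf |
        Where-Object { $_.ObjectClass -eq 'msDS-GroupManagedServiceAccount' }

    foreach ($acct in $accounts) {
        # msDS-GroupMSAMembership is a security descriptor; every grantee in it may
        # read msDS-ManagedPassword, i.e. the current clear-text password.
        $sd = $acct.'msDS-GroupMSAMembership'
        $readers = @()
        $broad   = @()
        if ($sd) {
            foreach ($ace in $sd.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])) {
                $sid = $ace.IdentityReference
                $readers += $sid.Value
                if (Test-BroadPrincipal -Sid $sid) { $broad += $sid.Value }
            }
        }

        # Privileged group membership of the gMSA itself (direct membership only).
        $privGroups = @()
        foreach ($dn in $acct.MemberOf) {
            $g   = Get-ADGroup -Identity $dn
            $rid = [int](($g.SID.Value -split '-')[-1])
            if ($PrivilegedGroupRids -contains $rid) { $privGroups += $g.Name }
        }

        [pscustomobject]@{
            Name                 = $acct.Name
            PasswordIntervalDays = $acct.'msDS-ManagedPasswordInterval'
            PasswordReaders      = $readers
            BroadReaders         = $broad        # non-empty = finding
            PrivilegedGroups     = $privGroups   # non-empty = finding
        }
    }
}

function Set-GmsaPasswordReaders {
    # Replace the retrieval ACL with exactly the computers (or one group of them)
    # that run the service, then read it back so the change can be verified.
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string[]]$AllowedPrincipals  # e.g. 'SQL01$','SQL02$' or 'gMSA-SQL-Hosts'
    )
    Set-ADServiceAccount -Identity $Name -PrincipalsAllowedToRetrieveManagedPassword $AllowedPrincipals
    (Get-ADServiceAccount -Identity $Name -Properties PrincipalsAllowedToRetrieveManagedPassword).PrincipalsAllowedToRetrieveManagedPassword
}

# Report only the accounts with a finding.
Get-GmsaAudit |
    Where-Object { $_.BroadReaders.Count -gt 0 -or $_.PrivilegedGroups.Count -gt 0 } |
    Format-List

# Remediate one finding (hypothetical names): only the host group that runs the
# service may fetch the password.
# Set-GmsaPasswordReaders -Name 'svc-sql' -AllowedPrincipals 'gMSA-SQL-Hosts'
```

Resolving the ACL to SIDs rather than names avoids the failure mode where a well-known principal such as Authenticated Users has no object in the domain and would otherwise be missed or shown as an unresolved string. The audit reports only direct group membership; nested membership of a privileged group is worth checking separately with Get-ADPrincipalGroupMembership or a recursive Get-ADGroupMember.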

See Also

Group Managed Service Accounts Overview

gMSA Active Directory Attacks

Retrieving Cleartext GMSA Passwords from Active Directory

Step-by-Step - How to work with Group Managed Service Accounts (gMSA)

Windows Server 2012 - Group Managed Service Accounts

Indicator Details

Name: Managed Service Accounts Dangerous Misconfigurations

Codename: C-MSA-COMPLIANCE

Severity: High

MITRE ATT&CK Information:

Attacker Known Tools

Yuval Gordon: GoldenGMSA

Michael Grafnetter: DSInternals