Subscribe via feed.

Windows LSA Service LsapGetClientInfo Impersonation Level Check Privilege Escalation

Posted by deepcore on July 16, 2022 – 5:06 pm

On Microsoft Windows, the LsapGetClientInfo API in LSASRV will fallback and directly capture a caller’s impersonation token if it fails to impersonate, leading to elevation of privilege if the impersonation level is not checked.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.


« »