Hello, since this tool's inception, it's only supported ESC1-8 while newer ESC methods have been identified:
ESC 12 (Oct/2023) is a bit more nuanced. It is mostly a physical security issue rather than a CA/template issue. I think we could still check this at a high level by checking if lowly privileged groups have login access to CAs themselves. But I admit this is a fringe check.
I would love to be able to contribute and help fill this gap, but I do not have time to be able to help currently. For any other folks reading this, I'd recommend manually reading these links, checking your configurations, and making careful changes as necessary.
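One way to approximate the high-level ESC12 check suggested above, added here as an example that is not part of the original post or the tool's code: parse a user-rights export from a CA host and flag low-privileged principals holding local or RDP logon rights. The function name, the low-privilege SID list, and the sample export lines are assumptions made for this example.

```powershell
# Added illustration, not the tool's own code.
# Well-known low-privileged SIDs (this selection is an assumption of the example).
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# "Allow log on locally" and "Allow log on through Remote Desktop Services".
$LogonRights = @('SeInteractiveLogonRight', 'SeRemoteInteractiveLogonRight')

function Find-LowPrivLogonRight {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$InfLines)
    foreach ($line in $InfLines) {
        # Export lines look like: SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
        if ($line -match '^\s*(\w+)\s*=\s*(.*)$') {
            $right   = $Matches[1]
            $entries = $Matches[2].Split(',')
            if ($LogonRights -notcontains $right) { continue }
            foreach ($entry in $entries) {
                # SIDs are prefixed with '*'; unprefixed entries are account names and are skipped.
                $sid  = $entry.Trim().TrimStart('*')
                $name = $null
                if ($LowPrivSids.ContainsKey($sid)) {
                    $name = $LowPrivSids[$sid]
                } elseif ($sid -match '^S-1-5-21-(\d+-){3}513$') {
                    $name = 'Domain Users'   # domain-relative RID 513
                }
                if ($name) {
                    [pscustomobject]@{ Right = $right; Sid = $sid; Principal = $name }
                }
            }
        }
    }
}

# Constructed sample, shaped like the [Privilege Rights] section of a secedit export.
$sample = @(
    '[Privilege Rights]'
    'SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551'
    'SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545'
    'SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-513'
)
Find-LowPrivLogonRight -InfLines $sample | Format-Table -AutoSize
```

On a CA server, the input can be produced with `secedit /export /areas USER_RIGHTS /cfg <file>` and read with `Get-Content`. Nested group membership is not resolved here, so an empty result does not rule out indirect logon access.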