ept security

Commonly Abused Windows Token Privileges: SeTrustedCredManAccessPrivilege

SeTrustedCredManAccessPrivilege— Access Credential Manager as a trusted caller

Provides users given this permission the ability to utilize applications or processes to abuse the credential manager in an attempt to grab credentials for other users on the system. This setting is normally exclusively used by the credential manager during Backup and Restore and should not be assigned to other users.

GPO Setting Path

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

GPO Setting Name

Access Credential Manager as a trusted caller

Token Privilege

SeTrustedCredManAccessPrivilege

Associated Security Frameworks

Mitre ATT&CK: Credential Access (TA0006)

STIG: V-220956

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *