CVE-2023-36722 is a critical information disclosure vulnerability that allows attackers to gain unauthorized access to sensitive information within an organization's Active Directory Domain Services (AD DS). The vulnerability has been classified as high severity, given the potential for an attacker to acquire sensitive user and group information that may be leveraged to further infiltrate the environment.

This long-read post will dive deep into the details of CVE-2023-36722, exploring various aspects such as a code snippet demonstrating the vulnerability, links to original references, and a step-by-step guide on how the exploit works.

Code Snippet

Below is a Python code snippet that demonstrates CVE-2023-36722. This code exploits the vulnerability in Active Directory Domain Services by using LDAP to search for sensitive user and group information.

import ldap

# Replace with your domain controller's IP address, username, and password
dc_ip = ""
user = "username"
password = "password"

ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ldap_connection = ldap.initialize(f"ldaps://{dc_ip}")

ldap_connection.simple_bind_s(user, password)

# Define base DN and search filter
base_dn = "dc=example,dc=com"
search_filter = "(&(objectClass=user)(!(objectClass=computer)))"

# Search for sensitive user information
result = ldap_connection.search_s(base_dn, ldap.SCOPE_SUBTREE, search_filter)

for entry in result:
    dn, info = entry
    print(f"User DN: {dn}, Attributes: {info}")


Ensure that you replace the IP address, username, and password with their respective values from your environment.

Original References

1. Official CVE information - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36722
2. NVD (National Vulnerability Database) - https://nvd.nist.gov/vuln/detail/CVE-2023-36722
3. Active Directory Domain Services official documentation - https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview

Exploit Details

Here is a detailed, step-by-step explanation of how an attacker would exploit this vulnerability

1. Preliminary Reconnaissance: The attacker first identifies the target organization's Active Directory environment and determines the Domain Controller IP address using tools such as Nmap or other network scanning utilities.

2. Acquire Valid Credentials: The attacker would need valid credentials to authenticate to the Domain Controller. They may gain access to these credentials through previous compromise or social engineering techniques.

3. Exploit Code Execution: Using the provided Python code, the attacker authenticates to the Domain Controller via LDAP and conducts searches on sensitive user information.

4. Sensitive Data Retrieval: Using the search results, the attacker gains insight into the organization's user accounts, their email addresses, group membership, and other sensitive attributes.

5. Further Exploitation: With the obtained information, the attacker can develop a refined attack plan leveraging user accounts to compromise additional systems and gain further unauthorized access within the organization.


CVE-2023-36722 is a significant vulnerability in Active Directory Domain Services that allows attackers to gain unauthorized access to sensitive user and group information. Organizations should ensure their environment is secured against such attacks by:

Continuously monitoring logs for suspicious queries and activities.

Given the potential impact of this vulnerability, it is crucial to understand the risks associated with it and take appropriate mitigative and preventive actions to protect your organization from unwanted information disclosure.


Published on: 10/10/2023 18:15:16 UTC
Last modified on: 10/13/2023 20:07:43 UTC