pcaconnectorad/aws.sdk.kotlin.services.pcaconnectorad.model/EnrollmentFlagsV4/Builder/noSecurityExtension

noSecurityExtension

var noSecurityExtension: Boolean?

This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.