Cybersecurity Takes a Village: Portnox Partners with Dream Group to Fix Critical AD Broker Flaw

No one company has a complete view of today’s threat landscape—and that’s a good thing. It’s why collaborations like the recent work between Portnox and DREAM’s Identity Research team matter, especially when it comes to uncovering and fixing vulnerabilities in identity and Active Directory environments.

The Discovery

The vulnerability affected PortnoxADBroker version 1.1.320 and earlier, a component used to synchronize Active Directory environments with Portnox’s access control platform. Researchers found that someone with admin access to the server could utilize the broker to conduct a privilege escalation attack. While the technical details are complex, the risk was clear: an attacker with local administrative access could potentially gain full API control, register rogue brokers, and silently bypass critical enforcement policies such as VLAN restrictions and compliance checks. In short, this flaw could undermine the very foundation of network access control.

Why It Matters

Network access control solutions like Portnox are designed to enforce security policies across enterprise environments. If these controls are disabled or bypassed, organizations face significant exposure—unauthorized devices could gain access, compliance requirements could be ignored, and attackers could maintain stealthy persistence without triggering alarms. This vulnerability highlighted a broader truth: even well-designed security systems can have weak points, and addressing them requires transparency, collaboration, and speed.

The Response

Upon receiving the report, Portnox acted quickly. The company worked closely with Dream Group researchers to validate the findings, assess the impact, and develop a fix. A patched version was released to customers, and guidance was provided to ensure deployments were secured. This partnership underscores the importance of coordinated vulnerability disclosure. By working together, vendors can reduce risk, protect critical infrastructure, and strengthen trust in the cybersecurity ecosystem.

Lessons Learned

  • Shared Responsibility: Cybersecurity is not a solo effort. Vendors, governments, and customers must collaborate to identify and mitigate risks.
  • Credential Hygiene: Long-lived, shared credentials pose significant risks. Moving toward short-lived tokens and zero-trust principles is essential.
  • Rapid Response: Timely patching and clear communication can make the difference between a contained incident and a widespread breach.

What’s Next

Organizations using Portnox solutions should ensure their AD Broker is version 1.1.326 or later and review their access control configurations. The version of AD Broker can be confirmed by logging in to your Portnox Cloud dashboard and going to Settings – Authentication Repositories – Directory Integration Service – Directory domains. More information is available in our documentation here. Beyond this specific case, the incident serves as a reminder: vigilance and collaboration are key to staying ahead of evolving threats.

Portnox is also doubling down on proactive security measures through its Bug Bounty Program, hosted on Bugcrowd. This initiative invites ethical hackers and security researchers worldwide to identify vulnerabilities before attackers do. By incentivizing responsible disclosure, Portnox aims to strengthen its products and foster a culture of continuous improvement in cybersecurity.
