Researchers have discovered a way for attackers to access and change the password of a user’s Active Directory account without being detected. The researchers, from AD security firm Aorato, say this is a severe flaw, partly because of the ubiquity of Active Directory and partly because it allows attackers to do something they may not be able to do even with physical access to the user’s machine. Lead researcher Tal Be’ery: “A flaw is a flaw; it is not a vulnerability, but a part of the Active Directory design.”

