Updated: 2023-01-31 16:05:40.927719
Description:
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 8.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 8.4 ELS | samba | 4.13.3-5 | 8.8 | HIGH | Not Vulnerable | | 2022-08-30 08:02:16 |
CentOS 8.5 ELS | samba | 4.14.5-7 | 8.8 | HIGH | Not Vulnerable | | 2022-08-30 08:02:16 |
Ubuntu 16.04 ELS | samba | 4.3.11 | 8.8 | HIGH | Ignored | | 2023-01-31 16:05:40 |
Ubuntu 18.04 ELS | samba | 4.7.6 | 8.8 | HIGH | Needs Triage | | 2023-03-01 16:02:09 |
We’ve decided not to fix this vulnerability, taking into account that kpasswd is not a critical protocol for the AD DC in most installations and the substantial amount of code backporting this fix would require. kpasswd in Samba configurations can be disabled by setting "kpasswd port = 0" in smb.conf.
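One way to audit a host for the workaround above, as an added example (not the vendor's or Samba's code). It assumes the setting lives in the `[global]` section, that Samba's default kpasswd port is 464, and that `include` directives are not followed; the function names and the sample config are constructed for illustration.

```python
import re

DEFAULT_KPASSWD_PORT = 464  # assumption: Samba's documented default


def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()


def effective_kpasswd_port(conf_text):
    """Return the [global] 'kpasswd port' value, the default if unset,
    or None if the configured value is not an integer."""
    port = DEFAULT_KPASSWD_PORT
    section = None
    pending = ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = _norm(header.group(1))
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            if _norm(key) == "kpasswdport":
                try:
                    port = int(value.strip())  # a later setting overrides
                except ValueError:
                    port = None
    return port


def mitigation_applied(conf_text):
    # The workaround is in place only when the port is explicitly 0.
    return effective_kpasswd_port(conf_text) == 0


# Constructed sample: the workaround is commented out, so it is NOT active.
SAMPLE = "[global]\n  server role = active directory domain controller\n  ; kpasswd port = 0\n"

if __name__ == "__main__":
    print("kpasswd disabled:", mitigation_applied(SAMPLE))
```

On a host with Samba installed, `testparm -s --parameter-name="kpasswd port"` reports the value Samba itself resolves, including any included files.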