CVE-2022-2031
N/A
N/A
Summary
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | samba | Versions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14 | affected |
Weaknesses
- CWE-288: CWE-288
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.