CVE-2022-2031

Summary

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.

Affected Software

VendorProductVersion RangeStatus
n/asambaVersions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14affected

Weaknesses

  • CWE-288: CWE-288

ADP Enrichment

CVE Program Container

Additional References

References