CVE-2022-32744

Summary

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.

Affected Software

VendorProductVersion RangeStatus
n/asambaVersions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14affected

Weaknesses

  • CWE-290: CWE-290

ADP Enrichment

CVE Program Container

Additional References

References