CVE-2022-45141

CVSS 9.8 CRITICAL · EPSS 0.5% · CWE-326 · CWE-328

In short

Samba Active Directory domain controllers incorrectly issue Kerberos tickets encrypted with the weak RC4-HMAC cipher even when stronger encryption types are available, leaving those tickets open to attacks on the weaker encryption.

Technical detail

The vulnerability stems from Samba AD DCs failing to negotiate stronger encryption algorithms (e.g., AES256-CTS-HMAC-SHA1-96) and defaulting to RC4-HMAC when issuing Kerberos tickets. An attacker can intercept and crack these weak tickets to gain elevated privileges in the domain. Environments are affected wherever RC4-HMAC is still used, despite the RFC 8429 recommendations and the disclosure of the related Windows Kerberos vulnerabilities.
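A defender can check for the behaviour described above by comparing the enctype of each issued ticket with what the target service advertises. The following is an added example, not code from Samba or from this page: the ticket listing is a constructed sample laid out like MIT `klist -e` output, and the per-service `msDS-SupportedEncryptionTypes` values are constructed and assumed to have been looked up from the account that owns each service principal.

```python
import re

# IANA Kerberos enctype numbers, keyed by the names used in ticket listings.
ETYPE_BY_NAME = {"aes256-cts-hmac-sha1-96": 18, "aes128-cts-hmac-sha1-96": 17,
                 "rc4-hmac": 23, "arcfour-hmac": 23}
# msDS-SupportedEncryptionTypes bits -> enctype number (RC4, AES128, AES256).
MASK_BITS = {0x04: 23, 0x08: 17, 0x10: 18}
RC4, AES = 23, {17, 18}

# Constructed sample in the layout of MIT `klist -e` output (assumption).
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.TEST

Valid starting     Expires            Service principal
11/08/22 10:00:00  11/08/22 20:00:00  krbtgt/EXAMPLE.TEST@EXAMPLE.TEST
\trenew until 11/09/22 10:00:00, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
11/08/22 10:01:00  11/08/22 20:00:00  cifs/files.example.test@EXAMPLE.TEST
\tEtype (skey, tkt): aes256-cts-hmac-sha1-96, DEPRECATED:arcfour-hmac
11/08/22 10:02:00  11/08/22 20:00:00  http/legacy.example.test@EXAMPLE.TEST
\tEtype (skey, tkt): arcfour-hmac, arcfour-hmac
11/08/22 10:03:00  11/08/22 20:00:00  ldap/dc1.example.test@EXAMPLE.TEST
\tEtype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
"""
# Constructed: service principal -> msDS-SupportedEncryptionTypes of its account.
SAMPLE_MASKS = {"cifs/files.example.test": 0x18,   # AES128 + AES256
                "http/legacy.example.test": 0x04,  # RC4 only
                "ldap/dc1.example.test": 0x1C}     # RC4 + AES128 + AES256

def parse_klist(text):
    """Return (service principal, ticket enctype number) pairs."""
    tickets, spn = [], None
    for line in text.splitlines():
        etypes = re.search(r"Etype \(skey, tkt\): (\S+), (\S+)", line)
        if etypes and spn:
            # The second name is the enctype the ticket itself is encrypted with.
            name = etypes.group(2).lower().split(":")[-1]  # drop "DEPRECATED:"
            tickets.append((spn, ETYPE_BY_NAME.get(name)))
            spn = None
        elif re.match(r"\d", line):  # ticket lines start with a date
            spn = line.split()[-1].split("@")[0]
    return tickets

def find_rc4_downgrades(klist_text, masks):
    """Services that advertise AES but whose ticket is RC4-encrypted."""
    findings = []
    for spn, etype in parse_klist(klist_text):
        advertised = {et for bit, et in MASK_BITS.items() if masks.get(spn, 0) & bit}
        if etype == RC4 and advertised & AES:
            findings.append(spn)
    return findings
```

Services that advertise only RC4 are not reported, because for them an RC4 ticket is the configured outcome rather than the downgrade this CVE describes.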

Summary generated and translated by AI from the official description.

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96).

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products
n/a · Samba