CVE-2022-32744

EPSS 0.9%CWE-290

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.

Produtos afetados

n/a · samba

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2022-32744.html