Authentication Bypass by Spoofing Affecting samba package, versions [0,]
Attack Complexity
Low
Confidentiality
High
Integrity
High
Availability
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-UNMANAGED-SAMBA-2961658
-
published
28 Jul 2022
-
disclosed
27 Jul 2022
-
credit
Joseph Sutton of Catalyst
Introduced: 27 Jul 2022
New CVE-2022-32744 Open this link in a new tabHow to fix?
A fix was pushed into the master
branch but not yet published.
Overview
Affected versions of this package are vulnerable to Authentication Bypass by Spoofing. The KDC accepts kpasswd
requests encrypted with any key known to it. By encrypting forged kpasswd
requests with its own key, a user can change other users' passwords, enabling full domain takeover.
Workarounds:
kpasswd
is not a critical protocol for the AD DC in most installations, it can be disabled by setting kpasswd port = 0
in the smb.conf
.