QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2022-2031

Back to search

CVE-2022-2031

Published: Aug 25, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.

VendorProductVersions

n/a

samba

affected
Versions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14

Weaknesses (CWE)

CWE-288

References

GLSA-202309-06
vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now