Samba KDC/kpasswd Ticket Decrypt via Shared Account flaw
CVE-2022-2031 Published on August 25, 2022

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.

Vendor Advisory NVD

Weakness Type

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Products Associated with CVE-2022-2031

Want to know whenever a new CVE is published for Samba? stack.watch will email you.

Samba

Exploit Probability

EPSS

0.42%

Percentile

61.72%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Samba KDC/kpasswd Ticket Decrypt via Shared Account flawCVE-2022-2031 Published on August 25, 2022

Weakness Type

Authentication Bypass Using an Alternate Path or Channel

Products Associated with CVE-2022-2031

Exploit Probability

Samba KDC/kpasswd Ticket Decrypt via Shared Account flaw
CVE-2022-2031 Published on August 25, 2022