Samba KDC Accepts Kpasswd Requests With Any Key (Domain Takeover)
CVE-2022-32744 Published on August 25, 2022

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.

Vendor Advisory NVD

Weakness Type

Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Products Associated with CVE-2022-32744

Want to know whenever a new CVE is published for Samba? stack.watch will email you.

Samba

Exploit Probability

EPSS

0.42%

Percentile

61.80%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Samba KDC Accepts Kpasswd Requests With Any Key (Domain Takeover)CVE-2022-32744 Published on August 25, 2022

Weakness Type

Authentication Bypass by Spoofing

Products Associated with CVE-2022-32744

Exploit Probability

Samba KDC Accepts Kpasswd Requests With Any Key (Domain Takeover)
CVE-2022-32744 Published on August 25, 2022