CVE-2022-2031Authentication Bypass Using an Alternate Path or Channel in Samba

CWE-288Authentication Bypass Using an Alternate Path or ChannelCWE-287Improper Authentication9 documents8 sources
Severity
8.8HIGHNVD
OSV6.5
EPSS
0.3%
top 44.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
SambaDebian SambaMsrc Azl3 Samba 4.18.3-1 ON Azure Linux 3.0+2 more
Timeline
PublishedAug 25
Latest updateApr 1

Description

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

NVDsamba/samba4.15.04.15.9+2
debiandebian/samba< samba 2:4.16.4+dfsg-1 (bookworm)
Debiansamba/samba< 2:4.13.13+dfsg-1~deb11u5+3
Ubuntusamba/samba< 2:4.13.17~dfsg-0ubuntu1.20.04.1+1
CVEListV5samba/sambaVersions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14

🔴Vulnerability Details

3
GHSA
GHSA-rprh-2gf9-vfmv: A flaw was found in Samba2022-08-26
OSV
CVE-2022-2031: A flaw was found in Samba2022-08-25
OSV
samba vulnerabilities2022-08-01

💥Exploits & PoCs

1
Exploit-DB
Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)2023-04-01

📋Vendor Advisories

4
Microsoft
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys allowing them to decrypt each other's tickets. A user who has been 2022-08-09
Ubuntu
Samba vulnerabilities2022-08-01
Red Hat
samba: kpasswd authentication with canonicalization enabled against Samba AD DC with Heimdal returns a krbtgt2022-07-27
Debian
CVE-2022-2031: samba - A flaw was found in Samba. The security vulnerability occurs when KDC and the kp...2022