CVE Vulnerabilities

CVE-2020-25719

Improper Authentication

Published: Feb 18, 2022 | Modified: Nov 21, 2024
CVSS 3.x
7.2
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
9 HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
7.2 MODERATE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Samba Samba 4.0.0 (including) 4.13.14 (excluding)
Samba Samba 4.14.0 (including) 4.14.10 (excluding)
Samba Samba 4.15.0 (including) 4.15.2 (excluding)
Samba Ubuntu bionic *
Samba Ubuntu devel *
Samba Ubuntu esm-infra-legacy/trusty *
Samba Ubuntu esm-infra/bionic *
Samba Ubuntu esm-infra/xenial *
Samba Ubuntu focal *
Samba Ubuntu hirsute *
Samba Ubuntu impish *
Samba Ubuntu jammy *
Samba Ubuntu kinetic *
Samba Ubuntu lunar *
Samba Ubuntu trusty/esm *
Samba Ubuntu upstream *
Red Hat Enterprise Linux 7 RedHat ipa-0:4.6.8-5.el7_9.10 *
Red Hat Enterprise Linux 8 RedHat idm:DL1-8050020211208123445.acb078e8 *
Red Hat Enterprise Linux 8.2 Extended Update Support RedHat idm:DL1-8020020211215161923.2ef9514c *
Red Hat Enterprise Linux 8.4 Extended Update Support RedHat idm:DL1-8040020211214110257.5b01ab7e *

Potential Mitigations

References