A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users passwords, enabling full domain takeover.
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Samba | Samba | 4.3.0 (including) | 4.14.14 (excluding) |
Samba | Samba | 4.15.0 (including) | 4.15.9 (excluding) |
Samba | Samba | 4.16.0 (including) | 4.16.4 (excluding) |