What the vulnerability does

01Description

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.

Key dates

02Disclosure timeline

August 25, 2022 CVE published
August 3, 2024 Record updated