PT-2023-2253 · Samba+6 · Samba+6

Andrew Bartlett +1 · Published 2023-03-29 · Updated 2025-02-13 · CVE-2023-0922

CVSS v2.0: 6.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:C/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Samba (affected versions not specified)

Description: The issue is related to the Samba AD DC administration tool sending new or reset passwords over a signed-only connection when operating against a remote LDAP server. This could allow a remote attacker to obtain newly set passwords if they can observe the network traffic between samba-tool and the Samba AD DC, especially when connected using a Kerberos-secured LDAP connection.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

ALT-PU-2023-1618
ALT-PU-2023-1808
ALT-PU-2023-7794
ALT-PU-2024-12484
ALT-PU-2024-14683
AZL-26215
AZL-37020
BDU:2023-02011
CVE-2023-0922
ECHO-2B94-CFE2-8059
MGASA-2023-0127
OESA-2023-1231
OESA-2023-1232
OESA-2023-1233
OESA-2023-1248
OPENSUSE-SU-2024:12831-1
SUSE-SU-2023:1682-1
SUSE-SU-2023:1683-1
SUSE-SU-2023:1684-1
SUSE-SU-2023:1687-1
SUSE-SU-2023:1689-1
SUSE-SU-2023_1682-1
SUSE-SU-2023_1683-1
SUSE-SU-2023_1684-1
USN-5993-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Samba
Suse
Ubuntu