Samba · Samba · CVE-2023-0922
**Name of the Vulnerable Software and Affected Versions**
Samba (affected versions not specified)
**Description**
The Samba AD DC administration tool, samba-tool, sends new or reset passwords over a signed-only connection (integrity-protected but not encrypted) when operating against a remote LDAP server. A remote attacker who can observe the network traffic between samba-tool and the Samba AD DC could obtain newly set passwords, especially when the tool is connected using a Kerberos-secured LDAP connection.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.