PT-2023-2253 · Samba+6

Andrew Bartlett +1 · Published 2023-03-29 · Updated 2025-02-13 · CVE-2023-0922

CVSS v2.0: 6.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:C/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Samba (affected versions not specified)
Description: The issue concerns samba-tool, the Samba AD DC administration tool, which sends new or reset passwords over a signed-only LDAP connection when operating against a remote LDAP server. A remote attacker able to observe the network traffic between samba-tool and the Samba AD DC could obtain the newly set passwords, in particular when the connection is a Kerberos-secured LDAP connection.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

ALT-PU-2023-1618
ALT-PU-2023-1808
ALT-PU-2023-7794
ALT-PU-2024-12484
ALT-PU-2024-14683
AZL-26215
AZL-37020
BDU:2023-02011
CVE-2023-0922
ECHO-2B94-CFE2-8059
MGASA-2023-0127
OESA-2023-1231
OESA-2023-1232
OESA-2023-1233
OESA-2023-1248
OPENSUSE-SU-2024:12831-1
SUSE-SU-2023:1682-1
SUSE-SU-2023:1683-1
SUSE-SU-2023:1684-1
SUSE-SU-2023:1687-1
SUSE-SU-2023:1689-1
SUSE-SU-2023_1682-1
SUSE-SU-2023_1683-1
SUSE-SU-2023_1684-1
USN-5993-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Samba
Suse
Ubuntu