CVE-2022-32744

Published: 2022-08-25T18:15Z

Last Modified: 2024-11-21T07:06Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt