Lucene search

K
cvelistRedhatCVELIST:CVE-2022-45141
HistoryMar 06, 2023 - 12:00 a.m.

CVE-2022-45141

2023-03-0600:00:00
CWE-328
redhat
www.cve.org
21
windows kerberos
elevation of privilege
vulnerability
samba active directory
rc4-hmac
encryption

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

51.8%

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Samba",
    "versions": [
      {
        "version": "Fixed in samba 4.15.13, samba 4.16.8, samba 4.15.13",
        "status": "affected"
      }
    ]
  }
]