SAMBA: CVE-2022-45141
Samba AD DC using Heimdal can be forced to

Published: Dec 15, 2022 - 12:00 a.m.
Source: Samba Security (www.samba.org)

EPSS: 0.001 (Low), Percentile: 47.2%

Description

Kerberos, the trusted third party authentication system at the heart
of Active Directory, issues a ticket using a key known to the target server
but nobody else, returned to the client in a TGS-REP.

This key needs to be of a type understood only by the KDC and target server.

However, due to a coding error subsequently addressed in all recent
Heimdal versions and so fixed with Samba 4.16 (which imports Heimdal
8.0pre), the (attacking) client would be given the opportunity to
select the encryption type, and so obtain a ticket encrypted with
rc4-hmac, that it could attack offline.

This is possible unless rc4-hmac is totally removed from the server’s
account, by removing the unicodePwd attribute, but this will break
other aspects of the server’s operation in the domain (NETLOGON in
particular).
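Added example, not part of the advisory or of Samba's own code: a minimal DER parser for the Kerberos EncryptedData structure (RFC 4120 section 5.2.9) that reports the etype of a ticket's enc-part and flags rc4-hmac (etype 23), so an administrator inspecting captured TGS-REPs or dumped credential caches can confirm whether a KDC is still handing out RC4-encrypted tickets. Encryption type numbers come from RFC 3961 and RFC 4757; the sample ticket bytes are constructed with the helper in the block.

```python
# Kerberos encryption type numbers (RFC 3961 / RFC 4757 registry).
ETYPE_NAMES = {
    1: "des-cbc-crc", 3: "des-cbc-md5",
    17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
    19: "aes128-cts-hmac-sha256-128", 20: "aes256-cts-hmac-sha384-192",
    23: "rc4-hmac", 24: "rc4-hmac-exp",
}
# Types an AD DC should no longer issue tickets with (DES and RC4 families).
WEAK_ETYPES = {1, 3, 23, 24}

def _read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos). Handles
    short-form and long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_encrypted_data(der):
    """Return (etype, kvno or None, cipher) from a DER EncryptedData:
    SEQUENCE { etype [0] Int32, kvno [1] UInt32 OPTIONAL, cipher [2] OCTET STRING }."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("EncryptedData must be a SEQUENCE")
    fields, pos = {}, 0
    while pos < len(body):
        ctag, cval, pos = _read_tlv(body, pos)   # context tag [n] ...
        _, inner, _ = _read_tlv(cval, 0)         # ... wrapping one primitive
        fields[ctag & 0x1F] = inner
    etype = int.from_bytes(fields[0], "big", signed=True)
    kvno = int.from_bytes(fields[1], "big") if 1 in fields else None
    return etype, kvno, fields[2]

def ticket_uses_weak_etype(der):
    """(is_weak, etype name) for the enc-part of a ticket or TGS-REP."""
    etype, _, _ = parse_encrypted_data(der)
    return etype in WEAK_ETYPES, ETYPE_NAMES.get(etype, f"etype {etype}")

def build_encrypted_data(etype, kvno, cipher):
    """Constructed sample input only: DER-encode an EncryptedData (short lengths)."""
    def tlv(tag, val):
        return bytes([tag, len(val)]) + val
    return tlv(0x30, tlv(0xA0, tlv(0x02, etype.to_bytes(1, "big")))
                   + tlv(0xA1, tlv(0x02, kvno.to_bytes(1, "big")))
                   + tlv(0xA2, tlv(0x04, cipher)))

if __name__ == "__main__":
    # Constructed sample: an enc-part the vulnerable KDC might return (rc4-hmac, kvno 2).
    sample = build_encrypted_data(23, 2, b"\x00" * 8)
    print(ticket_uses_weak_etype(sample))   # (True, 'rc4-hmac')
```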

Patch Availability

Patches addressing both these issues have been posted to:

https://www.samba.org/samba/security/

Additionally, Samba 4.15.13 has been issued as a security release to correct the
defect. Samba administrators are advised to upgrade to this release or apply
the patch as soon as possible.

CVSSv3 calculation

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (8.1)

(not) Workaround

Setting msDS-SupportedEncryptionTypes is not a workaround for this issue.

Credits

Originally reported by Joseph Sutton of Catalyst and the Samba Team.

Advisory written by Andrew Bartlett of Catalyst and the Samba Team.

Patches by Nicolas Williams were identified and backported by Joseph Sutton of Catalyst and the Samba Team.

== Our Code, Our Bugs, Our Responsibility.
== The Samba Team