4 matches found
CVE-2022-45141
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...
CVE-2022-45141
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...
CVE-2022-45141
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...
RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided
Description This is Samba's response to Microsoft's CVE-2022-3802312. Following RFC8429 and as has been published for CVE-2022-3938, rc4-hmac also known as arcfour-hmac-md5 cryptography in Kerberos is weak, then it follows that the RC4 mode in the NETLOGON Secure Channel DCE/RPC bulk encryption i...