CVE-2022-32744 log
Source |
|
Severity | High |
Remote | Yes |
Type | Authentication bypass |
Description | Samba AD users can forge password change requests for any user. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2782 | samba | 4.16.3-1 | 4.16.4-1 | High | Fixed |
References |
---|
https://www.samba.org/samba/security/CVE-2022-32744.html |
Notes |
---|
kpasswd is not a critical protocol for the AD DC in most installations, it can be disabled by setting "kpasswd port = 0" in the smb.conf. |