摘要:
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.
安全等级: Low
公告ID: KylinSec-SA-2024-4178
发布日期: 2024年12月1日
关联CVE: CVE-2022-2031
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2022-2031 | KY3.4-5 | libldb | Unaffected |
| CVE-2022-2031 | KY3.5.2 | libldb | Unaffected |
| CVE-2022-2031 | V6 | libldb | Unaffected |
