CVE-2022-32744

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-32744
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32744.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-32744
Downstream
Related
Published
2022-08-25T18:15:10.497Z
Modified
2026-04-16T00:05:59.420126552Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.

References

Affected packages

Git / github.com/samba-team/samba

Affected ranges

Type
GIT
Repo
https://github.com/samba-team/samba
Events
Introduced
b85f6018c803fb9aad82820d4b5505179ec5bac3
Fixed
ad06fd8294503b6a27729118dd8c80558d41924a
Introduced
fc8342bd26d1c55ca5780b427f675f31147b27f9
Fixed
c8fc01ca36445e87c3e503026a446416d66cd1bf
Introduced
e95d85f784ae6b19f2cb42cc9039b60b146e5b69
Fixed
9618af1b66aa7503e02b25c9a0bb5b1f31baffbc
Database specific 
{
    "cpe": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.3.0"
        },
        {
            "fixed": "4.14.14"
        },
        {
            "introduced": "4.15.0"
        },
        {
            "fixed": "4.15.9"
        },
        {
            "introduced": "4.16.0"
        },
        {
            "fixed": "4.16.4"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

ldb-2.*
ldb-2.4.1
ldb-2.4.2
ldb-2.4.3
ldb-2.4.4
ldb-2.5.1
ldb-2.5.2
samba-4.*
samba-4.15.0
samba-4.15.1
samba-4.15.2
samba-4.15.3
samba-4.15.4
samba-4.15.6
samba-4.15.7
samba-4.15.8
samba-4.16.0
samba-4.16.1
samba-4.16.2
samba-4.16.3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32744.json"