Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.

  • Published: Aug 25, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-2031
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

Software From Fixed in
samba / samba 4.16.0 4.16.4
samba / samba 4.15.0 4.15.9
samba / samba - 4.14.14