Samba AD DC Administration Tool Remote LDAP Server Weakness
CVE-2023-0922

5.9MEDIUM

Key Information:

Vendor: Samba
Status: Samba
Vendor: CVE Published:; 3 April 2023

What is CVE-2023-0922?

The Samba AD DC administration tool has a fundamental weakness when connecting to a remote LDAP server. By default, this tool transmits new or reset passwords exclusively over a signed-only connection. This behavior may expose sensitive credentials during the transmission phase, especially in environments where secure communication is crucial. It is essential for administrators to review their configurations and reinforce security protocols to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Samba samba 4.18.1, samba 4.17.7, samba 4.16.10

References

https://www.samba.org/samba/security/CVE-2023-0922.html

https://security.netapp.com/advisory/ntap-20230406-0007/

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2023
Vulnerability Reserved
Feb 20, 2023