Samba AD DC Administration Tool Remote LDAP Server Weakness
CVE-2023-0922

5.9MEDIUM

Key Information:

Vendor: Samba
Status: Samba
Vendor: CVE Published:; 3 April 2023

What is CVE-2023-0922?

The Samba AD DC administration tool has a fundamental weakness when connecting to a remote LDAP server. By default, this tool transmits new or reset passwords exclusively over a signed-only connection. This behavior may expose sensitive credentials during the transmission phase, especially in environments where secure communication is crucial. It is essential for administrators to review their configurations and reinforce security protocols to mitigate potential risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Samba samba 4.18.1, samba 4.17.7, samba 4.16.10

References

https://www.samba.org/samba/security/CVE-2023-0922.html

https://security.netapp.com/advisory/ntap-20230406-0007/

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2023
Vulnerability Reserved
Feb 20, 2023

JSON

Samba

What is CVE-2023-0922?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.