Samba: AD DC password exposure to privileged users and RODCs
CVE-2023-4154
7.5 HIGH
What is CVE-2023-4154?
A design flaw in Samba's DirSync control implementation grants unauthorized access to sensitive passwords and secret attributes in Active Directory. The flaw allows Read-Only Domain Controllers (RODCs) and privileged users to access all attributes, including secret passwords that should remain restricted. The implementation also ignores error conditions, which can lead to accidental overexposure of sensitive data, even under low-privilege scenarios. As a result, RODCs, which are designed to replicate only a limited set of passwords, can access all domain secrets, including critical account information such as krbtgt.
Affected Version(s)
samba 4.19.1
samba 4.18.8
samba 4.17.12