The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
[
{
"vendor": "n/a",
"product": "Samba",
"versions": [
{
"version": "samba 4.18.1, samba 4.17.7, samba 4.16.10",
"status": "affected"
}
]
}
]