Lucene search

PRIOn knowledge basePRION:CVE-2022-45141

HistoryMar 06, 2023 - 11:15 p.m.

Privilege escalation

2023-03-0623:15:00

PRIOn knowledge base

www.prio-n.com

privilege escalation

windows kerberos

vulnerability

samba active directory

encryption issue

nvd

rc4-hmac

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

CPENameOperatorVersion
sambage4.16.0
sambalt4.16.8
sambalt4.15.13

Name	Operator	Version
samba	ge	4.16.0
samba	lt	4.16.8
samba	lt	4.15.13

References

security.gentoo.org/glsa/202309-06

www.samba.org/samba/security/CVE-2022-45141.html