Authentication Bypass

2022-08-0403:37:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

samba

vulnerability

authentication

bypass

kpasswd ticket

attacker

0.001 Low

EPSS

Percentile

42.9%

JSON

samba is vulnerable to authentication bypass. The vulnerability exists because the lifetime of kpasswd tickets has not been restricted which allows an attacker to obtain and use tickets.

CPENameOperatorVersion
samba:focaleq2:4.11.6+dfsg-0ubuntu1.6
samba:focaleq2:4.11.6+dfsg-0ubuntu1.4
samba:focaleq2:4.11.6+dfsg-0ubuntu1
samba:sideq2:4.13.5+dfsg-2
samba:sideq2:4.13.2+dfsg-3
samba:edgeeq4.12.0-r0
samba:edgeeq4.13.5-r0
samba:edgeeq4.15.2-r0
samba:edgeeq4.14.5-r0
samba:edgeeq4.15.7-r0

Name	Operator	Version
samba:focal	eq	2:4.11.6+dfsg-0ubuntu1.6
samba:focal	eq	2:4.11.6+dfsg-0ubuntu1.4
samba:focal	eq	2:4.11.6+dfsg-0ubuntu1
samba:sid	eq	2:4.13.5+dfsg-2
samba:sid	eq	2:4.13.2+dfsg-3
samba:edge	eq	4.12.0-r0
samba:edge	eq	4.13.5-r0
samba:edge	eq	4.15.2-r0
samba:edge	eq	4.14.5-r0
samba:edge	eq	4.15.7-r0