CVE-2023-0922

Опубликовано: 29 мар. 2023

Источник: redhat

CVSS3: 5.9

Описание

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.

A vulnerability was found in Samba. This security issue occurs in the Samba AD DC administration tool. When operating against a remote LDAP server, it will, by default, send new or reset passwords over a signed-only connection.

Отчет

The samba package as shipped with Red Hat Enterprise Linux 6, 7, 8 and 9 and Red Hat Gluster is not affected by this issue as Red Hat doesn't provide the AD domain controller capability with it.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	samba	Not affected
Red Hat Enterprise Linux 7	samba	Not affected
Red Hat Enterprise Linux 8	samba	Not affected
Red Hat Enterprise Linux 9	samba	Not affected
Red Hat Storage 3	samba	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-319

https://bugzilla.redhat.com/show_bug.cgi?id=2182774samba: AD DC admin tool samba-tool sends passwords in cleartext

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2023-0922

CVSS3: 5.9

ubuntu

почти 3 года назад

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.

CVE-2023-0922

CVSS3: 5.9

nvd

почти 3 года назад

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.