Wednesday, August 10, 2022
LetsAskBinu.com
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things
No Result
View All Result
LetsAskBinu.com
No Result
View All Result
Home Cybersecurity

Samba Fixes Serious Password-Reset Flaws

Researcher by Researcher
July 31, 2022
in Cybersecurity
0
Samba Fixes Serious Password-Reset Flaws
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


Many current versions of the Samba SMB file server contain a vulnerability that can allow a user on the server to change the administrator’s password and take complete control of the domain.

The vulnerability (CVE-2022-32744) affects Samba versions 4.3 and later and is a result of the way that the Key Distribution Center for Kerberos handles password-reset requests. The root cause of the bug is that the KDC will accept kpasswd–or password reset–requests that are encrypted with any key that it knows. A valid user on the system could abuse this to forge a password-reset request for another user and encrypt it with his own key.

“Tickets received by the kpasswd service were decrypted without specifying that only that service’s own keys should be tried. By setting the ticket’s server name to a principal associated with their own account, or by exploiting a fallback where known keys would be tried until a suitable one was found, an attacker could have the server accept tickets encrypted with any key, including their own,” an advisory from the Samba maintainers says.

“A user could thus change the password of the Administrator account and gain total control over the domain. Full loss of confidentiality and integrity would be possible, as well as of availability by denying users access to their accounts.”

Samba released a fix for the issue on Wednesday, along with patches for several other vulnerabilities. The most serious of the other bugs is also related to the KDC and password resets. A user could exploit this vulnerability (CVE-2022-2031) to gain access to other services on the domain.

“The KDC and the kpasswd service share a single account and set of keys. In certain cases, this makes the two services susceptible to confusion. When a user’s password has expired, that user is requested to change their password. Until doing so, the user is restricted to only acquiring tickets to kpasswd,” the advisory says.

However, a vulnerability meant that the kpasswd’s principal, when canonicalized, was set to that of the TGS (Ticket-Granting Service), thus yielding TGTs from ordinary kpasswd requests. These TGTs could be used to perform an Elevation of Privilege attack by obtaining service tickets and using services in the forest. This vulnerability existed in versions of Samba built with Heimdal Kerberos. A separate vulnerability in Samba versions below 4.16, and in Samba built with MIT Kerberos, led the KDC to accept kpasswd tickets as if they were TGTs, with the same overall outcome.”

If installing the updated versions isn’t an immediate option, the workaround for both of these vulnerabilities is to disable the kpasswd protocol.



Source link

Related articles

Musk Threatens to Walk Away From Twitter Deal

Jury Finds Ex-Twitter Worker Spied for Saudi Royals

August 10, 2022
How to reset your Windows 10 password when you forget it

How to reset your Windows 10 password when you forget it

August 10, 2022
Tags: fixesflawsPasswordResetSamba
Share76Tweet47

Related Posts

Musk Threatens to Walk Away From Twitter Deal

Jury Finds Ex-Twitter Worker Spied for Saudi Royals

August 10, 2022
0

A former Twitter worker was found guilty on Tuesday of spying for Saudi officials keen to unmask critics on the...

How to reset your Windows 10 password when you forget it

How to reset your Windows 10 password when you forget it

August 10, 2022
0

Learn how to reset your Windows 10 password whether you use a Microsoft Account or a local account. Uh-oh, you’ve...

VMware Warns of Critical Authentication Bypass Flaw

Exploit Available for Critical VMware Bug CVE-2022-31656

August 9, 2022
0

The researcher who discovered two critical vulnerabilities in VMware ONE Workspace Access has released a proof-of-concept exploit for one of...

High-Severity Flaw in Argo CD is Information Leak Risk

Privya Emerges From Stealth With Data Privacy Code Scanning Platform

August 9, 2022
0

Privya emerged from stealth mode on Tuesday with a data privacy-focused code scanning platform and $6 million in seed funding....

How older security vulnerabilities continue to pose a threat

How older security vulnerabilities continue to pose a threat

August 9, 2022
0

Security flaws dating back more than 10 years are still around and still pose a risk of being freely exploited,...

Load More
  • Trending
  • Comments
  • Latest
Brave browser’s Tor mode exposed users’ dark web activity

Brave browser’s Tor mode exposed users’ dark web activity

February 18, 2022
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 15/03

March 15, 2022
QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

March 15, 2022
A first look at threat intelligence and threat hunting tools

A first look at threat intelligence and threat hunting tools

March 15, 2022
Beware! Facebook accounts being hijacked via Messenger prize phishing chats

Beware! Facebook accounts being hijacked via Messenger prize phishing chats

0
Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

0
Remote work causing security issues for system and IT administrators

Remote work causing security issues for system and IT administrators

0
Elementor WordPress plugin has a gaping security hole – update now – Naked Security

Elementor WordPress plugin has a gaping security hole – update now – Naked Security

0
UK Fintech News Round-Up: The Latest Stories 02/03

UK Fintech News Roundup: The Latest Stories 10/08

August 10, 2022
Musk Threatens to Walk Away From Twitter Deal

Jury Finds Ex-Twitter Worker Spied for Saudi Royals

August 10, 2022
MAS Confirms the Return of Singapore Fintech Festival 2022 as an In-Person Event

MAS Confirms the Return of Singapore Fintech Festival 2022 as an In-Person Event

August 10, 2022
How to reset your Windows 10 password when you forget it

How to reset your Windows 10 password when you forget it

August 10, 2022

Recent Posts

UK Fintech News Round-Up: The Latest Stories 02/03

UK Fintech News Roundup: The Latest Stories 10/08

August 10, 2022
Musk Threatens to Walk Away From Twitter Deal

Jury Finds Ex-Twitter Worker Spied for Saudi Royals

August 10, 2022
MAS Confirms the Return of Singapore Fintech Festival 2022 as an In-Person Event

MAS Confirms the Return of Singapore Fintech Festival 2022 as an In-Person Event

August 10, 2022

Categories

  • Cyber Threats
  • Cybersecurity
  • Fintech
  • Hacking
  • Internet Of Things
  • Malware
  • Networking
  • Protection

Tags

Access Android attack Attacks banking BiWeekly bug Cisco critical Cyber Cybersecurity Data devices Digital exploited financial Finds Fintech Flaw flaws Google Group Hackers Krebs Latest malware Microsoft million Network News open Payments phishing Ransomware RoundUp scams security Software TFT Threat vulnerability warns Week Windows zeroday

© 2022 Lets Ask Binu All Rights Reserved

No Result
View All Result
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things

© 2022 Lets Ask Binu All Rights Reserved