#VU70384 Use of a broken or risky cryptographic algorithm in Samba - CVE-2022-45141


Vulnerability identifier: #VU70384

Vulnerability risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-45141

CWE-ID: CWE-327

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to an error that allows an attacker to force the server so issue an rc4-hmac ticket encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). A remote attacker can perform an offline attack against the ticket encrypted with rc4-hmac and login as a privileged user.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Samba: 4.15.0 - 4.15.12

External links
https://www.samba.org/samba/security/CVE-2022-45141.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in HP-UX Common Internet File System (CIFS)
Amazon Linux AMI update for samba
Gentoo update for Samba
Ubuntu update for samba
Ubuntu update for samba
Ubuntu update for samba
openEuler 22.03 LTS update for samba
openEuler 20.03 LTS SP3 update for samba
openEuler 20.03 LTS SP1 update for samba
Slackware Linux update for samba