CVE-2022-2031

HIGH Year: 2022
CVSS v3 Score
8.8
High
Weakness Type
CWE-288
View all →

Vulnerability Description

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.

Related Vulnerabilities

CVE-2016-9497

HIGH
CVSS:8.8(High)

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible ...

CWE-2882016

CVE-2019-13526

HIGH
CVSS:8.8(High)

Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code.

CWE-2882019

CVE-2019-5486

HIGH
CVSS:8.8(High)

A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed ...

CWE-2882019

CVE-2020-15633

HIGH
CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is no...

CWE-2882020

CVE-2020-27865

HIGH
CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to e...

CWE-2882020

CVE-2020-27866

HIGH
CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, ...

CWE-2882020