Samba settings SNAFU lets any user change admin passwords (Mar 14, 2018)
A new security advisory has been released for a vulnerability, registered as "CVE-2018-1057," discovered in the Samba 4 Active Directory Domain Controller (AD DC). The LDAP server incorrectly validates permissions to modify passwords, allowing any authenticated user to change any other user's password, including those of admins and domain controllers.
Recommendation: A patch addressing the vulnerability has been issued and posted to "https://www.samba.org/samba/security/". Users should apply the update as soon as possible to avoid potential exploitation.