This advisory is informational only
|Title:||Authenticated users able to change the passwords for any account|
Authenticated users are able to change the passwords for any account.
Recently, a security vulnerability has been discovered in Samba. Although Panzura does use Samba software, there is no susceptibility to this vulnerability in any of our products. This alert is informational only.
Panzura nodes use Samba software to enable the node to appear as a file server to Windows clients. The security vulnerability that was discovered is one in which a user, once authenticated, is able to change the password for any user, including administrator accounts.
For the attack to succeed, the Samba server must be acting as an Active Directory Domain Controller (AD DC). Panzura nodes do not act as an AD DC’s, so the node is not susceptible to this attack.
See https://www.samba.org/samba/security/CVE-2018-1057.html (CVE-2018-1057) for more details regarding this vulnerability.
No action required.