CVE-2022-45141

CRITICAL Year: 2022
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-328
View all →

Vulnerability Description

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

Related Vulnerabilities

CVE-2025-27595

CRITICAL
CVSS:9.8(Critical)

The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.

CWE-3282025

CVE-2023-46133

CRITICAL
CVSS:9.1(Critical)

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,00...

CWE-3282023

CVE-2023-46233

CRITICAL
CVSS:9.1(Critical)

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than curren...

CWE-3282023

CVE-2024-48847

HIGH
CVSS:9.1(Critical)

MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08...

CWE-3282024

CVE-2023-43630

HIGH
CVSS:8.8(High)

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not so...

CWE-3282023

CVE-2023-43635

HIGH
CVSS:8.8(High)

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a ...

CWE-3282023