Use of a Broken or Risky Cryptographic Algorithm

Summary

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). This issue affects the samba versions 4.1.6+dfsg-1ubuntu2 through 4.13.17~dfsg-0ubuntu1.20.04.2, 4.13.17~dfsg-0ubuntu0.21.04.1 through 4.15.9+dfsg-0ubuntu0.3, and 4.16.1+dfsg-8ubuntu1 through 4.16.4+dfsg-2ubuntu1.