Skip to main content

Use of a Broken or Risky Cryptographic Algorithm


Severity High
Score 9.8/10


Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). This issue affects the samba versions 4.1.6+dfsg-1ubuntu2 through 4.13.17~dfsg-0ubuntu1.20.04.2, 4.13.17~dfsg-0ubuntu0.21.04.1 through 4.15.9+dfsg-0ubuntu0.3, and 4.16.1+dfsg-8ubuntu1 through 4.16.4+dfsg-2ubuntu1.

  • LOW
  • HIGH
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Advisory Timeline

  • Published