Certified company | Engineering the world

Get in touch

Anyone Can Change Admin Password When Samba Is Used As Domain Conroller

Mar 13, 2018 | Uncategorized | 0 comments

The open source implementation of Windows file sharing has a serious security problem.When Samba is used as a domain controller in a network, it is basically possible for every user to change all passwords to that of the admins, thus bringing the server under complete control.


Samba is the standard in many networked environments when it comes to connecting Linux servers with Windows PCs to workstations. In this respect, the current problem should affect a fairly large number of companies and organizations. Information about the bug was released by the Samba development team itself – in conjunction with the appropriate patches. 

Also Read: Downgrading From Windows 10 To Windows 7 or 8.1

The problem, therefore, affects Samba versions of the 4 Series. Depending on the state of the variant used, it should be ensured that after installing the update version numbers 4.5.16, 4.6.14 or 4.7.6 are reached. These already contain the patches for error correction.For all Samba variants before 4.5 there are also patches, which must be downloaded and installed individually.

Also Read: Microsoft Admits Windows 10 Forced Upgrade For Older Versions Was A Mistake

The bug was fixed in the LDAP module of the Samba server, which replicates the directory service of Microsoft’s Windows server. Here, among other things, the login data of the users are managed for a domain. It is currently unclear whether the bug is already being exploited in practice to give attackers access to appropriate systems. The wiki on the software already gives hints on how to detect this in case of doubt.

Also Read: Next Windows 10 Update Would Probably Be Spring Creators Update

The main problem here is that it does not necessarily have to be a bad-faith employee who penetrates the corporate network. Often enough, employees also use far too simple passwords or are otherwise inattentive, so that even external criminals could gain access to a user account. They would then be able to penetrate deep into the network.


let’s get connected

Have a Question?

If you have any questions or need to discuss about your project
Feel free to reach out to our friendly team.