|Title:||Panzura Security Advisory CloudFS-2018-002|
Authenticated users are able to change the passwords for any account.
Recently, a security vulnerability has been discovered in Samba. Although Panzura does use Samba software, there is no susceptibility to this vulnerability in any of our products. This alert is informational only.
Panzura Filers use Samba software to enable the filer to appear as a file server to Windows clients. The security vulnerability that was discovered is one in which a user, once authenticated, is able to change the password for any users, including administrator accounts.
For the attack to succeed, the Samba server must be acting as an Active Directory Domain Controller (AD DC). Panzura Filers do not act as an AD DC’s, so the filer is not susceptible to this attack.
See https://www.samba.org/samba/security/CVE-2018-1057.html (CVE-2018-1057) for more details regarding this vulnerability.