CVE-2022-34298: 
Java vulnerability analysis and mitigation

The NT auth module in OpenAM before version 14.6.6 contains a vulnerability (CVE-2022-34298) that allows attackers to perform a "replace Samba username attack." The vulnerability was discovered in June 2022 and affects the Windows NT authentication module of the OpenAM access management platform (Labs WatchTowr, NVD).

The vulnerability exists in the NT authentication module's handling of credentials when authenticating users via Samba/SMB. The flaw allows attackers to inject additional username entries into the authentication configuration file used by smbclient. Due to smbclient's behavior of accepting duplicate key values and using the last occurrence, attackers can override the original username with an arbitrary value. The vulnerability has a CVSS v3.1 base score of 5.3 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (NVD, Labs WatchTowr).

When exploited, this vulnerability allows attackers to impersonate any user in the system by manipulating the authentication process. An attacker can authenticate as a different user than the one initially specified, potentially gaining unauthorized access to protected resources (Labs WatchTowr).

The vulnerability was patched in OpenAM version 14.6.6, released on June 22, 2022. Organizations using affected versions should upgrade to version 14.6.6 or later to address this security issue (OpenAM Release, OpenAM Patch).