The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. References: https://www.samba.org/samba/security/CVE-2023-0922.html https://www.samba.org/samba/history/security.html
Created samba tracking bugs for this issue: Affects: fedora-all [bug 2182775]
The samba package as shipped with Red Hat Enterprise Linux 6, 7, 8 and 9 and Red Hat Gluster is not affected by this issue as Red Hat doesn't provide the AD domain controller capability with it.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-0922