The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change the passwords of other users, enabling full domain takeover. CREATE(Triage):(User=admin) CVE-2022-32744 (https://nvd.nist.gov/vuln/detail/CVE-2022-32744)