The machine trust account password is the secret
shared between a domain controller and a specific
member server. Access to the member server machine
credentials allows an attacker to impersonate the
server in the domain and gain access to additional
information regarding domain users and groups.
The winbindd daemon writes the clear text of server's
machine credentials to its log file at level 5.
The winbindd log files are world readable by default
and often log files are requested on open mailing
lists as tools used to debug server misconfigurations.
This affects servers configured to use domain or
ads security and possibly Samba domain controllers
as well (if configured to use winbindd).