CVE-2000-0937

Name of the Vulnerable Software and Affected Versions Samba version 2.0.7

Description The issue concerns the Samba Web Administration Tool (SWAT) in Samba, where it fails to log login attempts with correct usernames but incorrect passwords. This oversight enables remote attackers to perform brute force password guessing attacks without being detected.

Recommendations For Samba version 2.0.7, consider implementing additional logging mechanisms to track all login attempts, including those with correct usernames and incorrect passwords, to detect and prevent brute force attacks. As a temporary workaround, restrict access to the SWAT interface to minimize the risk of exploitation.