PT-2019-4768 · Samba+3
Published: 2019-10-29 · Updated: 2024-06-15 · CVE-2019-14833
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Samba versions 4.5.0 through 4.9.14
Samba versions 4.10.0 through 4.10.9
Samba versions 4.11.0 through 4.11.1
Description
A flaw was found in the way Samba handles a user password change or a new password for a Samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which can allow weak passwords to be set for Samba users and leave those accounts vulnerable to dictionary attacks. The issue can be exploited by a remote attacker to bypass existing security restrictions using a brute force attack.
Recommendations
For Samba versions 4.5.0 through 4.9.14, update to version 4.9.15 or later.
For Samba versions 4.10.0 through 4.10.9, update to version 4.10.10 or later.
For Samba versions 4.11.0 through 4.11.1, update to version 4.11.2 or later.
As a temporary workaround, consider disabling the use of custom scripts for password complexity checks until the fixed version can be installed.
Restrict access to the Samba Active Directory Domain Controller to minimize the risk of exploitation.
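As an added example (not Samba code and not part of the original advisory), a custom complexity check written to survive the non-ASCII case the description refers to: it decodes the submitted password strictly and rejects on any decode error, counts code points rather than bytes, and classifies characters by Unicode category. It assumes the password arrives on standard input and that exit status 0 means accept; the policy thresholds are constructed for the example.

```python
import sys
import unicodedata

MIN_LENGTH = 8     # constructed policy values for this example
MIN_CLASSES = 3


def classify(ch: str) -> str:
    """Map one code point to a coarse class using its Unicode category,
    so non-ASCII letters and digits are treated like ASCII ones."""
    cat = unicodedata.category(ch)
    if cat == "Lu":
        return "upper"
    if cat in ("Ll", "Lo", "Lt", "Lm"):
        return "lower"
    if cat.startswith("N"):
        return "digit"
    return "other"


def check_password_complexity(raw: bytes) -> bool:
    """Return True only if the password passes the policy.
    Fails closed: input that is not valid UTF-8 is rejected, not skipped."""
    try:
        password = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return False
    password = password.rstrip("\r\n")
    # Count code points, not bytes: "ÄÄÄÄ" is 8 bytes of UTF-8 but only 4 characters.
    if len(password) < MIN_LENGTH:
        return False
    classes = {classify(ch) for ch in password}
    return len(classes) >= MIN_CLASSES


if __name__ == "__main__":
    # Assumed contract: password on stdin, exit 0 accepts, non-zero rejects.
    sys.exit(0 if check_password_complexity(sys.stdin.buffer.read()) else 1)
```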
Affected Products
Alt Linux
Samba
Suse
Ubuntu