PT-2016-3366 · Samba+9 · Samba+9
Huzaifa S. Sidhpurwala
·
Published
2016-11-24
·
Updated
2024-06-15
·
CVE-2016-2124
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Samba versions prior to the fixed version
Description
A flaw was found in the way Samba implemented SMB1 authentication, allowing an attacker to retrieve the plaintext password sent over the wire, even if Kerberos authentication was required. This could enable a remote attacker to perform a man-in-the-middle attack.
Recommendations
For versions prior to the fixed version, consider disabling SMB1 authentication until a patch is available.
As a temporary workaround, restrict the use of plaintext passwords in SMB1 connections to minimize the risk of exploitation.
Avoid using SMB1 for authentication whenever possible, and opt for more secure authentication methods like Kerberos.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Samba
Suse
Ubuntu