Published: 28/11/2018 Updated: 09/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and previous versions. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.

Vulnerable Product	Search on Vulmon	Subscribe to Product
samba samba

It was found that the 'bad password observation window' was ineffective when set to a value greater than 3 minutes This could allow for brute force password attacks in some situations ...

A security issue has been found in samba from 490 up to and including 492, where AD DC Configurations watching for bad passwords to restrict brute forcing in a window of more than 3 minutes may not watch for bad passwords at all ...

CWE-358 https://www.samba.org/samba/security/CVE-2018-16857.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16857 https://security.netapp.com/advisory/ntap-20181127-0001/http://www.securityfocus.com/bid/106024 https://security.gentoo.org/glsa/202003-52 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2018-16857

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-16857

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect