Vulnerability CVE-2016-2124


Published: 2022-02-18

Description:
A flaw was found in the way Samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

Type: CWE-287 (Improper Authentication)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None
Affected software
Samba -> Samba 
Redhat -> Enterprise linux for scientific computing 
Redhat -> Enterprise linux resilient storage 
Redhat -> Enterprise linux server 
Redhat -> Enterprise linux server aus 
Redhat -> Codeready linux builder 
Redhat -> Enterprise linux server tus 
Redhat -> Gluster storage 
Redhat -> Enterprise linux server update services for sap solutions 
Redhat -> Openstack 
Redhat -> Enterprise linux tus 
Redhat -> Virtualization host 
Redhat -> Enterprise linux workstation 
Redhat -> Enterprise linux 
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux eus 
Redhat -> Enterprise linux for ibm z systems 
Redhat -> Enterprise linux for ibm z systems eus 
Redhat -> Enterprise linux for power big endian 
Redhat -> Enterprise linux for power little endian 
Redhat -> Enterprise linux for power little endian eus 
Fedoraproject -> Fedora 
Debian -> Debian linux 
Canonical -> Ubuntu linux 

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2019660
https://www.samba.org/samba/security/CVE-2016-2124.html

Copyright 2023, cxsecurity.com

 
