Lucene search

K
cveRedhatCVE-2019-14833
HistoryNov 06, 2019 - 10:15 a.m.

CVE-2019-14833

2019-11-0610:15:10
CWE-521
CWE-305
redhat
web.nvd.nist.gov
468
6
samba
cve-2019-14833
password complexity
vulnerability
nvd
security flaw
dictionary attack

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

56.7%

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

Affected configurations

Nvd
Vulners
Node
sambasambaRange4.5.0–4.9.15
OR
sambasambaRange4.10.0–4.10.10
OR
sambasambaRange4.11.0–4.11.2
Node
fedoraprojectfedoraMatch29
OR
fedoraprojectfedoraMatch30
OR
fedoraprojectfedoraMatch31
OR
opensuseleapMatch15.0
VendorProductVersionCPE
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
fedoraprojectfedora29cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
fedoraprojectfedora30cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
fedoraprojectfedora31cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
opensuseleap15.0cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Samba",
    "product": "samba",
    "versions": [
      {
        "version": "all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2",
        "status": "affected"
      }
    ]
  }
]

Social References

More

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

56.7%