Lucene search

K
cvelistRedhatCVELIST:CVE-2019-14833
HistoryNov 06, 2019 - 12:00 a.m.

CVE-2019-14833

2019-11-0600:00:00
CWE-305
redhat
www.cve.org
8
samba
password complexity
non-ascii characters
vulnerability
dictionary attacks

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

6

Confidence

High

EPSS

0.002

Percentile

56.7%

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

CNA Affected

[
  {
    "vendor": "Samba",
    "product": "samba",
    "versions": [
      {
        "version": "all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2",
        "status": "affected"
      }
    ]
  }
]

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

6

Confidence

High

EPSS

0.002

Percentile

56.7%