Lucene search

[email protected]NVD:CVE-2016-2124

HistoryFeb 18, 2022 - 6:15 p.m.

CVE-2016-2124

2022-02-1818:15:08

CWE-287

[email protected]

web.nvd.nist.gov

samba authentication vulnerability

smb1 plaintext password

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

69.5%

JSON

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

Affected configurations

Nvd

Node

sambasambaRange3.0.0–4.13.14

sambasambaRange4.14.0–4.14.10

sambasambaRange4.15.0–4.15.2

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

fedoraprojectfedoraMatch33

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

Node

redhatcodeready_linux_builderMatch-

redhatgluster_storageMatch3.0

redhatgluster_storageMatch3.5

redhatopenstackMatch13

redhatopenstackMatch16.1

redhatopenstackMatch16.2

redhatvirtualization_hostMatch4.0

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch8.2

redhatenterprise_linux_eusMatch8.4

redhatenterprise_linux_for_ibm_z_systemsMatch7.0

redhatenterprise_linux_for_ibm_z_systemsMatch8.0

redhatenterprise_linux_for_ibm_z_systems_eusMatch8.2

redhatenterprise_linux_for_ibm_z_systems_eusMatch8.4

redhatenterprise_linux_for_power_big_endianMatch7.0

redhatenterprise_linux_for_power_little_endianMatch7.0

redhatenterprise_linux_for_power_little_endianMatch8.0

redhatenterprise_linux_for_power_little_endian_eusMatch8.2

redhatenterprise_linux_for_power_little_endian_eusMatch8.4

redhatenterprise_linux_for_scientific_computingMatch7.0

redhatenterprise_linux_resilient_storageMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch8.2

redhatenterprise_linux_server_ausMatch8.4

redhatenterprise_linux_server_tusMatch8.4

redhatenterprise_linux_server_update_services_for_sap_solutionsMatch8.2

redhatenterprise_linux_server_update_services_for_sap_solutionsMatch8.4

redhatenterprise_linux_tusMatch8.2

redhatenterprise_linux_workstationMatch7.0

Node

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch20.04lts

canonicalubuntu_linuxMatch21.04

canonicalubuntu_linuxMatch21.10

VendorProductVersionCPE
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
redhatcodeready_linux_builder-cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*
redhatgluster_storage3.0cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*
redhatgluster_storage3.5cpe:2.3:a:redhat:gluster_storage:3.5:*:*:*:*:*:*:*
redhatopenstack13cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samba	samba	*	cpe:2.3:a:samba:samba::::::::
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*
redhat	codeready_linux_builder	-	cpe:2.3:a:redhat:codeready_linux_builder:-:::::::*
redhat	gluster_storage	3.0	cpe:2.3:a:redhat:gluster_storage:3.0:::::::*
redhat	gluster_storage	3.5	cpe:2.3:a:redhat:gluster_storage:3.5:::::::*
redhat	openstack	13	cpe:2.3:a:redhat:openstack:13:::::::*