Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-16857

Опубликовано: 28 нояб. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 7.4

Описание

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.

РелизСтатусПримечание
bionic

not-affected

cosmic

not-affected

devel

not-affected

esm-infra-legacy/trusty

not-affected

esm-infra/bionic

not-affected

esm-infra/xenial

not-affected

precise/esm

not-affected

trusty

not-affected

trusty/esm

not-affected

upstream

released

4.9.3

Показывать по

Ссылки на источники

EPSS

Процентиль: 85%
0.025
Низкий

4.3 Medium

CVSS2

7.4 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-16857

CVSS3: 7.4
redhat
около 7 лет назад

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.

nvd логотип

CVE-2018-16857

CVSS3: 7.4
nvd
около 7 лет назад

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.

debian логотип

CVE-2018-16857

CVSS3: 7.4
debian
около 7 лет назад

Samba from version 4.9.0 and before version 4.9.3 that have AD DC conf ...

github логотип

GHSA-qhgj-r7g7-whqw

CVSS3: 5.9
github
больше 3 лет назад

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.

fstec логотип

BDU:2020-00697

CVSS3: 5.9
fstec
больше 7 лет назад

Уязвимость конфигурации AD DC программ сетевого взаимодействия Samba, позволяющая нарушителю оказать воздействие на целостность информации

EPSS

Процентиль: 85%
0.025
Низкий

4.3 Medium

CVSS2

7.4 High

CVSS3