CVE-2018-1139

Severity CVSS v4.0:
Pending analysis
Type:
CWE-522 Insufficiently Protected Credentials
Publication date:
22/08/2018
Last modified:
29/08/2022

Description

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* 4.7.0 (including) 4.7.9 (excluding)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* 4.8.0 (including) 4.8.4 (excluding)
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*