Lucene search

RedhatCVE-2019-14833

HistoryNov 06, 2019 - 10:15 a.m.

CVE-2019-14833

2019-11-0610:15:10

CWE-521

CWE-305

redhat

web.nvd.nist.gov

453

samba

cve-2019-14833

password complexity

vulnerability

nvd

security flaw

dictionary attack

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

47.0%

JSON

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

Affected configurations

Nvd

Vulners

Node

sambasambaRange4.5.0–4.9.15

sambasambaRange4.10.0–4.10.10

sambasambaRange4.11.0–4.11.2

Node

fedoraprojectfedoraMatch29

fedoraprojectfedoraMatch30

fedoraprojectfedoraMatch31

opensuseleapMatch15.0

VendorProductVersionCPE
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
fedoraprojectfedora29cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
fedoraprojectfedora30cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
fedoraprojectfedora31cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
opensuseleap15.0cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samba	samba	*	cpe:2.3:a:samba:samba::::::::
fedoraproject	fedora	29	cpe:2.3:o:fedoraproject:fedora:29:::::::*
fedoraproject	fedora	30	cpe:2.3:o:fedoraproject:fedora:30:::::::*
fedoraproject	fedora	31	cpe:2.3:o:fedoraproject:fedora:31:::::::*
opensuse	leap	15.0	cpe:2.3:o:opensuse:leap:15.0:::::::*

CNA Affected

[
  {
    "vendor": "Samba",
    "product": "samba",
    "versions": [
      {
        "version": "all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2",
        "status": "affected"
      }
    ]
  }
]