5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.007 Low
EPSS
Percentile
80.7%
Samba project reports:
In Sambaโs SAMR server we neglect to ensure that attempted
password changes will update the bad password count, nor set
the lockout flags. This would allow a user unlimited attempts
against the password by simply calling ChangePasswordUser2
repeatedly.
This is available without any other authentication.
smbcacls can remove a file or directory ACL by mistake.