CVE-2018-1139

High

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly…

redhat·CWE-20·Published 2018-08-22

CVSS

8.1

EPSS

0.03

KEV

Exploits

cve.orgen

278 chars

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

NVDen

278 chars

NVDes

355 chars

Se ha detectado un fallo en la manera en la que samba en versiones anteriores a la 4.7.9 y 4.8.4 permitía el uso de la autenticación NTLMv1 débil incluso cuando NTLMv1 estaba explícitamente deshabilitado. Un atacante Man-in-the-Middle (MitM) podría utilizar este fallo para leer la credencial y otros detalles pasados entre el servidor y cliente de samba.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.0	Primary	cve.org	5.4	—	—	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N