QwikSec

Security Database

CVE

CWE

Training

CVE-2018-1139

Published: Aug 22, 2018

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

5.4

MEDIUM

Description

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

Vendor	Product	Versions
The Samba Team	samba	affected `before 4.7.9` affected `before 4.8.4`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1139

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_REDHAT

https://security.netapp.com/advisory/ntap-20180814-0001/

x_refsource_CONFIRM

https://www.samba.org/samba/security/CVE-2018-1139.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.