Note:
This project will be discontinued after December 13, 2021. [more]
2018-08-22
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.
Products | Ubuntu_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Samba |
Type | Insufficiently Protected Credentials (CWE-522) |
First patch | - None (likely due to unavailable code) |
Links |
• https://www.samba.org/samba/security/CVE-2018-1139.html
• https://access.redhat.com/errata/RHSA-2018:2613 • https://usn.ubuntu.com/3738-1/ • https://access.redhat.com/errata/RHSA-2018:2612 • https://security.netapp.com/advisory/ntap-20180814-0001/ |