CVE-2016-2124

MEDIUM

Samba < 4.13.14 - Authentication Bypass

Title source: rule

Description

A flaw was found in the way Samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

Scores

CVSS v3 5.9
EPSS 0.0071
EPSS Percentile 72.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-287
Status published

Affected Products (41)

samba/samba < 4.13.14
debian/debian_linux
debian/debian_linux
fedoraproject/fedora
fedoraproject/fedora
fedoraproject/fedora
redhat/codeready_linux_builder
redhat/gluster_storage
redhat/gluster_storage
redhat/openstack
redhat/openstack
redhat/openstack
redhat/virtualization_host
redhat/enterprise_linux
redhat/enterprise_linux
... and 26 more

Timeline

Published Feb 18, 2022
Tracked Since Feb 18, 2026