CVE-2016-2124

MEDIUM

Samba 3.0.0-4.13.13 - Improper Authentication via SMB1 Plaintext Password Exposure


Description

A flaw was found in the way Samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

References (4)

Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202309-06
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2019660

Scores

CVSS v3 5.9
EPSS 0.0070
EPSS Percentile 72.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-287
Status published
Products (41)
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
canonical/ubuntu_linux 21.04
canonical/ubuntu_linux 21.10
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 33
fedoraproject/fedora 34
fedoraproject/fedora 35
redhat/codeready_linux_builder
... and 31 more
Published Feb 18, 2022
Tracked Since Feb 18, 2026