Unrated severityOSV Advisory· Published Nov 28, 2018· Updated Aug 5, 2024
CVE-2018-16857
CVE-2018-16857
Description
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3ldb-1.4.3, samba-4.9.0, samba-4.9.1, …+ 1 more
- (no CPE)range: ldb-1.4.3, samba-4.9.0, samba-4.9.1, …
- (no CPE)range: >=4.9.0, <4.9.3
- osv-coordsRange: < 4.14.6+git.182.2205d5224e3-1.1
Patches
Vulnerability mechanics
References
5- security.gentoo.org/glsa/202003-52mitrevendor-advisoryx_refsource_GENTOO
- www.securityfocus.com/bid/106024mitrevdb-entryx_refsource_BID
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20181127-0001/mitrex_refsource_CONFIRM
- www.samba.org/samba/security/CVE-2018-16857.htmlmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.