Insufficiently Protected Credentials

CVE-2018-1139

High

8.1/10

Summary

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-522 - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

Advisory Timeline

Published Aug 22, 2018

Insufficiently Protected Credentials

CVE-2018-1139

Summary

CWE-522 - Insufficiently Protected Credentials

References

Advisory Timeline

KICS Auto Scanning VS Code Extension

KICS SaaS

KICS CLI