CVE-2018-1139

Summary

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

Affected Software

VendorProductVersion RangeStatus
The Samba Teamsambabefore 4.7.9affected
The Samba Teamsambabefore 4.8.4affected

Weaknesses

  • CWE-20: CWE-20

ADP Enrichment

CVE Program Container

Additional References

References