CVE-2019-14833

N/A

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

N/A

使用基本弱点进行的认证绕过

Samba 安全漏洞

Samba是Samba团队的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。 Samba中存在安全漏洞。该漏洞源于程序没有正确处理密码检查脚本。攻击者可利用该漏洞实施字典攻击，破解密码。

N/A

N/A