CVE-2019-14833 MEDIUM

CVE-2019-14833

Vendor Samba
Product samba
Weakness CWE-305
Published November 6, 2019
Last update August 5, 2024

CVSS base score

4.2/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

Key dates

02Disclosure timeline

November 6, 2019 CVE published
August 5, 2024 Record updated