Home > Vulnerability Database > CVE-2016-2124

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2016-2124

Date: February 17, 2022

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

Severity Score

5.9

Related Resources (10)

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-2124

Url: https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html

Url: https://access.redhat.com/security/cve/CVE-2016-2124

Url: https://security.alpinelinux.org/vuln/CVE-2016-2124

Url: https://security-tracker.debian.org/tracker/CVE-2016-2124

Url: https://www.samba.org/samba/security/CVE-2016-2124.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2019660

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2124

Url: https://security.gentoo.org/glsa/202309-06

Url: https://www.mend.io/vulnerability-database/CVE-2016-2124

Severity Score

5.9

Weakness Type (CWE)

Improper Authentication

CWE-287

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us