Samba AD DC Check Password Script Weakness (CVE-2019-14833)
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
When the password contains multi-byte (non-ASCII) characters, the check password script of Samba AD DC does not receive the full password string.
Insight
Since Samba version 4.5.0, a Samba AD DC can use a custom command to verify password complexity. The command is specified with the 'check password script' smb.conf parameter and is called whenever Samba handles a user password change or a new user password is set. The script receives the new cleartext password string so that it can run custom password complexity checks, such as dictionary checks, to avoid weak user passwords. When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string.
Affected Software
Samba 4.5.0 and later
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Update to version 4.11.2, 4.10.10, 4.9.15 or later.
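The version check described under Detection Method, combined with a test for whether 'check password script' is actually set, as an added example (not the scanner's or Samba's own code). The sample smb.conf, the script path /usr/local/sbin/pwcheck.sh and all function names are constructed for illustration; treating branches 4.5 through 4.8 as unfixed is an assumption, since the page lists no fixed release for them.

```python
import re

# Fixed release per branch (from the Solution section); first affected is 4.5.0.
FIXED = {(4, 9): 15, (4, 10): 10, (4, 11): 2}
FIRST_AFFECTED = (4, 5, 0)

# Constructed sample smb.conf, not taken from a real host.
SAMPLE_CONF = """
[global]
    server role = active directory domain controller
    Check Password Script = /usr/local/sbin/pwcheck.sh
"""

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Version 4.10.9-Debian'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Samba version in {text!r}")
    return tuple(int(p) for p in m.groups())

def version_is_vulnerable(text):
    version = parse_version(text)
    if version < FIRST_AFFECTED:
        return False
    branch = version[:2]
    if branch in FIXED:
        return version[2] < FIXED[branch]
    # Assumption: branches 4.5-4.8 have no fixed release (none is listed);
    # branches after 4.11 count as "or later".
    return branch < (4, 9)

def check_password_script(conf_text):
    """Return the [global] 'check password script' value, or None if unset."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            name, _, val = line.partition("=")
            # smb.conf parameter names ignore case and embedded whitespace.
            if "".join(name.split()).lower() == "checkpasswordscript":
                value = val.strip() or None
    return value

def is_exposed(version_text, conf_text):
    return version_is_vulnerable(version_text) and check_password_script(conf_text) is not None
```

A host that reports a vulnerable version but has no 'check password script' configured runs no complexity script, so nothing receives a shortened password there; it still needs the update before the parameter is enabled.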