It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce SMB signing when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Samba | Samba | 3.0.25 | * |
Samba | Samba | 4.5.0 | * |
Samba | Samba | 4.6.0 | * |