vulnerability

Samba CVE-2018-1057: Authenticated users can change other users' password

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Mar 13, 2018

Added

Mar 13, 2018

Modified

Mar 27, 2026

Description

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).

Solutions

samba-upgrade-4_5_16samba-upgrade-4_6_14samba-upgrade-4_7_6

References

CVE-2018-1057
https://attackerkb.com/topics/CVE-2018-1057
CWE-863
EUVD-EUVD-2018-11710
http://www.samba.org/samba/security/CVE-2018-1057.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-11710

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report