Samba LDAP Auth Info Leak Reveals Deleted Object Names
CVE-2018-14628 Published on January 17, 2023
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2018-14628 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2018-14628
stack.watch emails you whenever new vulnerabilities are published in Samba or Fedora Project Fedora. Just hit a watch button to start following.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.