LDAP Protocol-Downgrade Vulnerability in Samba 3.x and 4.x

LDAP Protocol-Downgrade Vulnerability in Samba 3.x and 4.x

CVE-2016-2112 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

Learn more about our Cis Benchmark Audit For Server Software.