CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2013-4496 – samba: Password lockout not enforced for SAMR password changes
https://notcve.org/view.php?id=CVE-2013-4496
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts. Samba 3.x anterior a 3.6.23, 4.0.x anterior a 4.0.16 y 4.1.x anterior a 4.1.6 no fuerza el mecanismo de protección de adivinación de contraseña para todas las interfaces, lo que facilita a atacantes remotos obtener acceso a través de intentos de fuerza bruta de ChangePasswordUser2 (1) SAMR o (2) RAP. • http://advisories.mageia.org/MGASA-2014-0138.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html http://rhn. • CWE-255: Credentials Management Errors •