cvedb.io
CVE-2016-2112
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2016-04-25T00:59:03.097 · Last modified 2026-06-17T00:43:28.323

Summary

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

Affected products

samba — samba

Does this affect you?

Add your gear to cvedb and we'll alert you only when samba ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.