{"id":"CVE-2018-16860","details":"A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.","modified":"2026-03-20T11:21:45.796266Z","published":"2019-07-31T15:15:11.687Z","related":["openSUSE-SU-2019:1682-1","openSUSE-SU-2019:1688-1","openSUSE-SU-2019:1888-1","openSUSE-SU-2024:10946-1","openSUSE-SU-2024:11365-1"],"references":[{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Aug/21"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Aug/23"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Aug/25"},{"type":"WEB","url":"https://support.apple.com/HT210348"},{"type":"WEB","url":"https://support.apple.com/HT210353"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Aug/22"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2019/Aug/11"},{"type":"WEB","url":"https://support.apple.com/HT210351"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2019/Aug/14"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2019/Aug/15"},{"type":"WEB","url":"https://support.apple.com/HT210346"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2019/Aug/13"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2018-16860.html"},{"type":"ADVISORY","url":"https://www.synology.com/security/advisory/Synology_SA_19_23"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-52"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/heimdal/heimdal","events":[{"introduced":"e19bf4f5370315f812cde7a196368fccb5ca0fea"},{"last_affected":"3e58559362dd3f485e6d6659d587a9169a131391"}],"database_specific":{"versions":[{"introduced":"0.8"},{"last_affected":"7.5.0"}]}},{"type":"GIT","repo":"https://github.com/samba-team/samba","events":[{"introduced":"5a9d09fee44052e18ce241ec28f78498d2e20d73"},{"fixed":"a72d4598bf4a2186769f25050663f4779ea581e0"},{"introduced":"4fc4ae2924aaa2fc184b7385069274526fa8a4c2"},{"fixed":"9dfd4419b50b17ed916957372829057af8e27893"},{"introduced":"25f2fe02a615e2cf906b6fa495acd8ea0aa9998a"},{"fixed":"70a164b3214026fe6f94c7b4c468c49d0557e2e5"}],"database_specific":{"versions":[{"introduced":"4.8.0"},{"fixed":"4.8.12"},{"introduced":"4.9.0"},{"fixed":"4.9.8"},{"introduced":"4.10.0"},{"fixed":"4.10.3"}]}}],"versions":["ldb-1.3.3","ldb-1.3.4","ldb-1.3.5","ldb-1.3.6","ldb-1.3.7","ldb-1.3.8","ldb-1.4.3","ldb-1.4.4","ldb-1.4.5","ldb-1.4.6","samba-4.10.0","samba-4.10.1","samba-4.10.2","samba-4.8.0","samba-4.8.1","samba-4.8.10","samba-4.8.11","samba-4.8.2","samba-4.8.3","samba-4.8.4","samba-4.8.5","samba-4.8.6","samba-4.8.7","samba-4.8.8","samba-4.8.9","samba-4.9.0","samba-4.9.1","samba-4.9.2","samba-4.9.3","samba-4.9.4","samba-4.9.5","samba-4.9.6","samba-4.9.7"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16860.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}