How severe is CVE-2016-0049?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.2 out of 10.

What type of vulnerability is CVE-2016-0049?

This is classified as CWE-255, which is a common weakness in software security.

CVE-2016-0049 - MEDIUM Severity | CVSS 6.2

Vulnerability Description

Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."

Related Vulnerabilities

CVE-2015-8675

MEDIUM

CVSS:6.2(Medium)

Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password informat...

CWE-2552015

CVE-2021-28508

MEDIUM

CVSS:6.1(Medium)

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is...

CWE-2552021

CVE-2021-28509

MEDIUM

CVSS:6.1(Medium)

CWE-2552021

CVE-2015-4684

MEDIUM

CVSS:6.5(Medium)

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modif...

CWE-2552015

CVE-2016-10821

MEDIUM

CVSS:6.5(Medium)

In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).

CWE-2552016

CVE-2016-5950

MEDIUM

CVSS:6.5(Medium)

IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.

CWE-2552016