How severe is CVE-2016-0128?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2016-0128?

This is classified as CWE-254, which is a common weakness in software security.

CVE-2016-0128 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK."

Related Vulnerabilities

CVE-2015-6592

MEDIUM

CVSS:6.8(Medium)

Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.

CWE-2542015

CVE-2016-10443

MEDIUM

CVSS:6.8(Medium)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, ...

CWE-2542016

CVE-2016-2312

MEDIUM

CVSS:6.8(Medium)

Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.

CWE-2542016

CVE-2016-4781

MEDIUM

CVSS:6.8(Medium)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attem...

CWE-2542016

CVE-2016-7601

MEDIUM

CVSS:6.8(Medium)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval i...

CWE-2542016

CVE-2016-9111

MEDIUM

CVSS:6.8(Medium)

Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of...

CWE-2542016