Fedora Account System
Red Hat Associate
Red Hat Customer
When using custom LDAP attributes, Samba seems to recognize the searchFlags confidential flag on custom attributes and hides them from all non-admin users. However, the values of the attributes can still be guessed efficiently by brute forcing them one character after another in a wildcard search query.
External Reference: https://www.samba.org/samba/security/CVE-2018-10919.html
Created samba tracking bugs for this issue: Affects: fedora-all [bug 1617911]
Acknowledgments: Name: Phillip Kuhrt (the Samba project)
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-10919