The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which. Rated low severity (CVSS 3.6), this vulnerability is remotely exploitable. Public exploit code available.
Authentication Bypass
Samba
Ubuntu Linux
NVD
CVSS 2.0
3.6
EPSS
0.1%