CVE-2002-0757
First published: Fri Jul 26 2002(Updated: )
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Usermin Usermin | =0.9 | |
| Usermin Usermin | =0.8 | |
| Webmin Webmin | =0.96 | |
| Webmin Webmin | =0.93 | |
| Webmin Webmin | =0.92 | |
| Webmin Webmin | =0.95 | |
| Webmin Webmin | =0.94 | |
| Webmin Webmin | =0.91 | |
| Usermin Usermin | =0.7 | |
| Webmin Webmin | =0.92.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/usermin
- canonical/usermin usermin
- version/usermin usermin/0.9
- version/usermin usermin/0.8
- vendor/webmin
- canonical/webmin webmin
- version/webmin webmin/0.96
- version/webmin webmin/0.93
- version/webmin webmin/0.92
- version/webmin webmin/0.95
- version/webmin webmin/0.94
- version/webmin webmin/0.91
- version/usermin usermin/0.7
- version/webmin webmin/0.92.1