Back to search
CVE-2002-0757
Published: Jul 26, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
webmin-usermin-sessionid-spoof(9037)
vdb-entry
x_refsource_XF
4700
vdb-entry
x_refsource_BID
MDKSA-2002:033
vendor-advisory
x_refsource_MANDRAKE
20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now