(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
References
Link | Resource |
---|---|
http://online.securityfocus.com/archive/1/271466 | Exploit Patch Vendor Advisory |
http://www.iss.net/security_center/static/9037.php | Patch Vendor Advisory |
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php | Patch |
http://www.securityfocus.com/bid/4700 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2002-07-26T04:00:00
Updated: 2002-07-31T09:00:00
Reserved: 2002-07-25T00:00:00
Link: CVE-2002-0757
JSON object: View
NVD Information
Status : Analyzed
Published: 2002-08-12T04:00:00.000
Modified: 2008-09-05T20:28:52.287
Link: CVE-2002-0757
JSON object: View
Redhat Information
No data.
CWE