CVE-2002-1947 - OpenCVE

Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Webmin	Webmin

Configuration 1 [-]

OR	cpe:2.3:a:webmin:webmin:0.21:::::::*
	cpe:2.3:a:webmin:webmin:0.22:::::::*
	cpe:2.3:a:webmin:webmin:0.31:::::::*
	cpe:2.3:a:webmin:webmin:0.41:::::::*
	cpe:2.3:a:webmin:webmin:0.42:::::::*
	cpe:2.3:a:webmin:webmin:0.51:::::::*
	cpe:2.3:a:webmin:webmin:0.76:::::::*
	cpe:2.3:a:webmin:webmin:0.77:::::::*
	cpe:2.3:a:webmin:webmin:0.78:::::::*
	cpe:2.3:a:webmin:webmin:0.79:::::::*
	cpe:2.3:a:webmin:webmin:0.80:::::::*
	cpe:2.3:a:webmin:webmin:0.85:::::::*
	cpe:2.3:a:webmin:webmin:0.88:::::::*
	cpe:2.3:a:webmin:webmin:0.91:::::::*
	cpe:2.3:a:webmin:webmin:0.92:::::::*
	cpe:2.3:a:webmin:webmin:0.93:::::::*
	cpe:2.3:a:webmin:webmin:0.94:::::::*
	cpe:2.3:a:webmin:webmin:0.95:::::::*
	cpe:2.3:a:webmin:webmin:0.96:::::::*
	cpe:2.3:a:webmin:webmin:0.97:::::::*
	cpe:2.3:a:webmin:webmin:0.98:::::::*
	cpe:2.3:a:webmin:webmin:0.99:::::::*
	cpe:2.3:a:webmin:webmin:1.0.00:::::::*

References

Link	Resource
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
http://www.iss.net/security_center/static/10381.php	Patch
http://www.securityfocus.com/bid/5936	Patch
http://www.webmin.com/changes.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-06-28T04:00:00

Updated: 2021-06-15T16:39:43

Reserved: 2005-06-29T00:00:00

Link: CVE-2002-1947

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-12-31T05:00:00.000

Modified: 2008-09-05T20:31:55.637

Link: CVE-2002-1947

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-10-08T00:00:00", "descriptions": [{"lang": "en", "value": "Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-15T16:39:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "webmin-identical-ssl-keys(10381)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/10381.php"}, {"name": "5936", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/5936"}, {"name": "FreeBSD-SA-02:06", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.webmin.com/changes.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1947", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "webmin-identical-ssl-keys(10381)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10381.php"}, {"name": "5936", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5936"}, {"name": "FreeBSD-SA-02:06", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc"}, {"name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1947", "datePublished": "2005-06-28T04:00:00", "dateReserved": "2005-06-29T00:00:00", "dateUpdated": "2021-06-15T16:39:43", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*", "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session."}], "id": "CVE-2002-1947", "lastModified": "2008-09-05T20:31:55.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.iss.net/security_center/static/10381.php"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/5936"}, {"source": "cve@mitre.org", "url": "http://www.webmin.com/changes.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}