Описание
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
Ссылки
- ExploitPatchVendor Advisory
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
- ExploitPatchVendor Advisory
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*
cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*
cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*
cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*
cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*
cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*
cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*
cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00612
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
около 23 лет назад
1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled al ...
github
больше 3 лет назад
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
EPSS
Процентиль: 69%
0.00612
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other