Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2002-0757
Last Modified: 05 Sep 2008 04:28:52
Published: 12 Aug 2002 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-0757

Summary

(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.

Vulnerable Systems

Application

  • Usermin 0.7

  • Usermin 0.8

  • Usermin 0.9

  • Webmin 0.91

  • Webmin 0.92

  • Webmin 0.92.1

  • Webmin 0.93

  • Webmin 0.94

  • Webmin 0.95

  • Webmin 0.96


References

BID - 4700

MANDRAKE - MDKSA-2002:033

XF - webmin-usermin-sessionid-spoof(9037)

BUGTRAQ - 20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability


Last Updated: 27 May 2016 10:37:04