Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1947

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2002-1947
Last Modified 05 Sep 2008 04:31:55
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1947

Summary

Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session.

Vulnerable Systems

Application

  • Webmin 0.21

  • Webmin 0.22

  • Webmin 0.31

  • Webmin 0.41

  • Webmin 0.42

  • Webmin 0.51

  • Webmin 0.76

  • Webmin 0.77

  • Webmin 0.78

  • Webmin 0.79

  • Webmin 0.80

  • Webmin 0.85

  • Webmin 0.88

  • Webmin 0.91

  • Webmin 0.92

  • Webmin 0.93

  • Webmin 0.94

  • Webmin 0.95

  • Webmin 0.96

  • Webmin 0.97

  • Webmin 0.98

  • Webmin 0.99

  • Webmin 1.0.00


References

BID - 5936

XF - webmin-identical-ssl-keys(10381)

CONFIRM - http://www.webmin.com/changes.html

FREEBSD - FreeBSD-SA-02:06


Last Updated: 27 May 2016 10:37:32