Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2004-0583
Last Modified 05 Sep 2008 04:38:49
Published 06 Aug 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0583

Summary

The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.

Vulnerable Systems

Operating System

  • Debian Linux 3.0

Application

  • Usermin 1.070

  • Webmin 1.140


References

BID - 10523

BID - 10474

XF - webmin-username-password-dos(16334)

CONFIRM - http://www.webmin.com/changes-1.150.html

MANDRAKE - MDKSA-2004:074

MISC - http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html

GENTOO - GLSA-200406-15

GENTOO - GLSA-200406-12

DEBIAN - DSA-526

BUGTRAQ - 20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability


Last Updated: 27 May 2016 10:38:40