Vulnerability Description
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Usermin | Usermin | 0.7 |
| Webmin | Webmin | 0.91 |
References
- http://online.securityfocus.com/archive/1/271466ExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/9037.phpPatchVendor Advisory
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.phpPatch
- http://www.securityfocus.com/bid/4700PatchVendor Advisory
- http://online.securityfocus.com/archive/1/271466ExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/9037.phpPatchVendor Advisory
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.phpPatch
- http://www.securityfocus.com/bid/4700PatchVendor Advisory
FAQ
What is CVE-2002-0757?
CVE-2002-0757 is a vulnerability with a CVSS score of 7.5 (HIGH). (1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authent...
How severe is CVE-2002-0757?
CVE-2002-0757 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0757?
Check the references section above for vendor advisories and patch information. Affected products include: Usermin Usermin, Webmin Webmin.