PT-2002-1778 · Webmin+1 · Webmin+1

Published: 2002-07-26 · Updated: 2008-09-05 · CVE-2002-0757

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Webmin version 0.96
Usermin version 0.90

Description

The issue allows local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information. This can force the software to accept arbitrary username/session ID combinations.

Recommendations

For Webmin version 0.96, update to a version that does not have the password timeout enabled or apply a configuration change to disable the vulnerable authentication mechanism.

For Usermin version 0.90, update to a version that does not have the password timeout enabled or apply a configuration change to disable the vulnerable authentication mechanism.

As a temporary workaround, consider restricting access to the authentication module to minimize the risk of exploitation.


Related identifiers

CVE-2002-0757

Affected products

Usermin
Webmin