Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Webmin / Usermin验证可绕过漏洞
Vulnerability Description
Webmin是澳大利亚软件开发者Jamie Cameron和Webmin社区共同开发的一套基于Web的用于类Unix操作系统中的系统管理工具。Usermin则设计用于操作用户级别的任务,允许Unix系统中用户简单的进行接收邮件,执行SSH,和邮件转发配置。 Webmin / Usermin验证机制处理存在漏洞,可导致远程攻击者在获取已知帐户的情况下无需密码访问系统。 Webmin / Usermin在建立或者验证Session ID,或在设置密码超时期间进程会出现父进程和使用有名管道的子进程间进行内部通信
CVSS Information
N/A
Vulnerability Type
N/A