Vulnerability Details CVE-2002-0757
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://online.securityfocus.com/archive/1/271466
- http://www.iss.net/security_center/static/9037.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php
- http://www.securityfocus.com/bid/4700
- http://online.securityfocus.com/archive/1/271466
- http://www.iss.net/security_center/static/9037.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php
- http://www.securityfocus.com/bid/4700
Products affected by CVE-2002-0757
-
cpe:2.3:a:usermin:usermin:0.7
-
cpe:2.3:a:usermin:usermin:0.8
-
cpe:2.3:a:usermin:usermin:0.9
-
cpe:2.3:a:webmin:webmin:0.91
-
cpe:2.3:a:webmin:webmin:0.92
-
cpe:2.3:a:webmin:webmin:0.92.1
-
cpe:2.3:a:webmin:webmin:0.93
-
cpe:2.3:a:webmin:webmin:0.94
-
cpe:2.3:a:webmin:webmin:0.95
-
cpe:2.3:a:webmin:webmin:0.96