HTTP: Webmin Administrator Password Brute Force

This signature detects an attempt to brute-force a Webmin server into disclosing the Administrator's password.

Extended Description

Webmin is prone to multiple unspecified vulnerabilities that may allow an attacker to disclose sensitive information and carry out denial-of-service attacks against legitimate users of the application. The first issue can allow a user to disclose sensitive configuration information about any module, regardless of the user's privileges. The second issue can allow an attacker to send fake credentials to the application, which results in legitimate users of Webmin being locked out. Webmin versions 1.140 and prior are affected by these issues.

Affected Products

Conectiva Linux

Short Name
HTTP:PKG:WEBMIN-BRUTE
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Administrator Brute CVE-2004-0583 Force Password Webmin bid:10474
Release Date
08/04/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Webmin

Conectiva

Debian

CVSS Score

5.0
