Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Webmin | Webmin | 0.21 (including) | 0.21 (including) |
| Webmin | Webmin | 0.22 (including) | 0.22 (including) |
| Webmin | Webmin | 0.31 (including) | 0.31 (including) |
| Webmin | Webmin | 0.41 (including) | 0.41 (including) |
| Webmin | Webmin | 0.42 (including) | 0.42 (including) |
| Webmin | Webmin | 0.51 (including) | 0.51 (including) |
| Webmin | Webmin | 0.76 (including) | 0.76 (including) |
| Webmin | Webmin | 0.77 (including) | 0.77 (including) |
| Webmin | Webmin | 0.78 (including) | 0.78 (including) |
| Webmin | Webmin | 0.79 (including) | 0.79 (including) |
| Webmin | Webmin | 0.80 (including) | 0.80 (including) |
| Webmin | Webmin | 0.85 (including) | 0.85 (including) |
| Webmin | Webmin | 0.88 (including) | 0.88 (including) |
| Webmin | Webmin | 0.91 (including) | 0.91 (including) |
| Webmin | Webmin | 0.92 (including) | 0.92 (including) |
| Webmin | Webmin | 0.93 (including) | 0.93 (including) |
| Webmin | Webmin | 0.94 (including) | 0.94 (including) |
| Webmin | Webmin | 0.95 (including) | 0.95 (including) |
| Webmin | Webmin | 0.96 (including) | 0.96 (including) |
| Webmin | Webmin | 0.97 (including) | 0.97 (including) |
| Webmin | Webmin | 0.98 (including) | 0.98 (including) |
| Webmin | Webmin | 0.99 (including) | 0.99 (including) |
| Webmin | Webmin | 1.0.00 (including) | 1.0.00 (including) |
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
- http://www.iss.net/security_center/static/10381.php
- http://www.securityfocus.com/bid/5936
- http://www.webmin.com/changes.html
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
- http://www.iss.net/security_center/static/10381.php
- http://www.securityfocus.com/bid/5936
- http://www.webmin.com/changes.html