miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Usermin | Usermin | 0.91 | 0.91 |
| Usermin | Usermin | 0.9 | 0.9 |
| Webmin | Webmin | 1.0.60 | 1.0.60 |
| Usermin | Usermin | 0.8 | 0.8 |
| Usermin | Usermin | 0.97 | 0.97 |
| Usermin | Usermin | 0.99 | 0.99 |
| Usermin | Usermin | 0.6 | 0.6 |
| Usermin | Usermin | 0.96 | 0.96 |
| Usermin | Usermin | 0.5 | 0.5 |
| Usermin | Usermin | 0.7 | 0.7 |
| Usermin | Usermin | 0.4 | 0.4 |
| Usermin | Usermin | 0.93 | 0.93 |
| Usermin | Usermin | 0.94 | 0.94 |
| Usermin | Usermin | 0.95 | 0.95 |
| Usermin | Usermin | 0.98 | 0.98 |
| Guardian_digital_webtool | Engardelinux | 1.2 | 1.2 |
| Usermin | Usermin | 0.92 | 0.92 |
| Webmin | Webmin | 1.0.50 | 1.0.50 |