CVE Vulnerabilities

CVE-2005-3042

Published: Sep 22, 2005 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when full PAM conversations is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

Affected Software

Name Vendor Start Version End Version
Usermin Usermin 1.150 (including) 1.150 (including)
Webmin Webmin 1.2.20 (including) 1.2.20 (including)

References