Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2002-0757

(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.

  • Published: Aug 12, 2002
  • Updated: Apr 13, 2023
  • CVE: CVE-2002-0757
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
usermin / usermin 0.9 0.9.x
usermin / usermin 0.8 0.8.x
webmin / webmin 0.96 0.96.x
webmin / webmin 0.93 0.93.x
webmin / webmin 0.92 0.92.x
webmin / webmin 0.95 0.95.x
webmin / webmin 0.94 0.94.x
webmin / webmin 0.91 0.91.x
usermin / usermin 0.7 0.7.x
webmin / webmin 0.92.1 0.92.1.x