The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote malicious users to conduct a brute force attack to guess user IDs and passwords.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
usermin usermin 1.070 |
||
webmin webmin 1.1.40 |
||
debian debian linux 3.0 |