The ebuild of Webmin prior to 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote malicious users to obtain and possibly crack the encrypted password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gentoo webmin 1.150 |
||
gentoo webmin 1.160 |
||
gentoo webmin 1.140 |
||
gentoo webmin 1.170 |