miniserv.pl in Webmin prior to 1.230 and Usermin prior to 1.160, when "full PAM conversations" is enabled, allows remote malicious users to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webmin webmin 1.2.20 |
||
usermin usermin 1.150 |