CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0757

HIGH
7.5
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile2.70th
PublishedAug 12, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.

Affected Platforms (CPE)

πŸ“¦
Usermin

Usermin

= 0.7
πŸ“¦
Usermin

Usermin

= 0.8
πŸ“¦
Usermin

Usermin

= 0.9
πŸ“¦
Webmin

Webmin

= 0.91
πŸ“¦
Webmin

Webmin

= 0.92
πŸ“¦
Webmin

Webmin

= 0.92.1
πŸ“¦
Webmin

Webmin

= 0.93
πŸ“¦
Webmin

Webmin

= 0.94
πŸ“¦
Webmin

Webmin

= 0.95
πŸ“¦
Webmin

Webmin

= 0.96

References & Advisories

πŸ”— http://online.securityfocus.com/archive/1/271466
πŸ”— http://www.iss.net/security_center/static/9037.php
πŸ”— http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php
πŸ”— http://www.securityfocus.com/bid/4700
πŸ”— http://online.securityfocus.com/archive/1/271466
πŸ”— http://www.iss.net/security_center/static/9037.php
πŸ”— http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php
πŸ”— http://www.securityfocus.com/bid/4700

Related Vulnerabilities

CVE-2005-117710.0

Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuratio...

CVE-2003-010110.0

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and...

CVE-2015-20799.9

Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argumen...

CVE-2002-07567.5

Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to ...