• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Webmin / Usermin Remote PAM Authentication Bypass Vulnerability

Webmin and Usermin are susceptible to a remote PAM authentication bypass vulnerability. This issue is present in the 'miniserv.pl' Web server that is bundled with these applications.

Due to insufficient input validation, shell metacharacters may be employed to bypass the authentication mechanism.

Due to the nature of these applications, full system compromise is very likely after gaining access.