Webmin Plaintext Authentication Credentials Disclosure Vulnerability

Webmin Plaintext Authentication Credentials Disclosure Vulnerability

Solution:
The vendor does not appear to have addressed this issue directly. The other known issue, which involves the creation of sensitive directories and files with insecure default permissions has been addressed in Webmin 0.93. Upgrading to the latest version may help to mitigate this issue. It should be noted that any and all authentication credentials should be changed once the upgrade is performed, to address the possibility of a previous exposure.

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.