Vulnerabilities > CVE-2004-0583 - Multiple Unspecified vulnerability in Webmin

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
usermin
webmin
debian
nessus

Summary

The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.

Vulnerable Configurations

Part Description Count
Application
Usermin
1
Application
Webmin
1
OS
Debian
12

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200406-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200406-12 (Webmin: Multiple vulnerabilities) Webmin contains two security vulnerabilities. One allows any user to view the configuration of any module and the other could allow an attacker to lock out a valid user by sending an invalid username and password. Impact : An authenticated user could use these vulnerabilities to view the configuration of any module thus potentially obtaining important knowledge about configuration settings. Furthermore, an attacker could lock out legitimate users by sending invalid login information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id14523
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14523
    titleGLSA-200406-12 : Webmin: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200406-12.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14523);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:41");
    
      script_cve_id("CVE-2004-0582", "CVE-2004-0583");
      script_bugtraq_id(10474);
      script_xref(name:"GLSA", value:"200406-12");
    
      script_name(english:"GLSA-200406-12 : Webmin: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200406-12
    (Webmin: Multiple vulnerabilities)
    
        Webmin contains two security vulnerabilities. One allows any user to
        view the configuration of any module and the other could allow an
        attacker to lock out a valid user by sending an invalid username and
        password.
      
    Impact :
    
        An authenticated user could use these vulnerabilities to view the
        configuration of any module thus potentially obtaining important
        knowledge about configuration settings. Furthermore, an attacker could
        lock out legitimate users by sending invalid login information.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.webmin.com/changes-1.150.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200406-12"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Webmin users should upgrade to the latest stable version:
        # emerge sync
        # emerge -pv '>=app-admin/app-admin/webmin-1.150'
        # emerge '>=app-admin/app-admin/webmin-1.150'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:webmin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/06/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/06/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-admin/webmin", unaffected:make_list("ge 1.150"), vulnerable:make_list("le 1.140-r1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Webmin");
    }
    
  • NASL familyCGI abuses
    NASL idWEBMIN_1_150.NASL
    descriptionAccording to its self-reported version, the Webmin install hosted on the remote host is 1.140. It is, therefore, affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id108545
    published2018-03-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108545
    titleWebmin 1.140 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108545);
      script_version("1.4");
      script_cvs_date("Date: 2019/11/08");
    
      script_cve_id("CVE-2004-0582", "CVE-2004-0583");
      script_bugtraq_id(10522, 10523);
    
      script_name(english:"Webmin 1.140 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Webmin.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version, the Webmin install hosted on
    the remote host is 1.140. It is, therefore, affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/bid/10522");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/bid/10523");
      script_set_attribute(attribute:"see_also", value:"http://www.webmin.com/changes-1.150.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Webmin 1.150 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/22");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:webmin:webmin");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("webmin.nasl");
      script_require_keys("www/webmin", "Settings/ParanoidReport");
      script_require_ports("Services/www", 10000);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    app = 'Webmin';
    port = get_http_port(default:10000, embedded: TRUE);
    
    get_kb_item_or_exit('www/'+port+'/webmin');
    version = get_kb_item_or_exit('www/webmin/'+port+'/version', exit_code:1);
    source = get_kb_item_or_exit('www/webmin/'+port+'/source', exit_code:1);
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    dir = "/";
    install_url = build_url(port:port, qs:dir);
    
    fix = "1.150";
    
    if (ver_compare(ver:version, fix:"1.140", strict:FALSE) == 0)
    {
      report =
        '\n  URL               : ' + install_url +
        '\n  Version Source    : ' + source +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fix + '\n';
    
      security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);
    }
    else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-074.NASL
    descriptionUnknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module. (CVE-2004-0582) The account lockout functionality in Webmin 1.140 does not parse certain character strings, which allows remote attackers to conduct a brute-force attack to guess user IDs and passwords. (CVE-2004-0583) The updated packages are patched to correct the problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id14172
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14172
    titleMandrake Linux Security Advisory : webmin (MDKSA-2004:074)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200406-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200406-15 (Usermin: Multiple vulnerabilities) Usermin contains two security vulnerabilities. One fails to properly sanitize email messages that contain malicious HTML or script code and the other could allow an attacker to lock out a valid user by sending an invalid username and password. Impact : By sending a specially crafted e-mail, an attacker can execute arbitrary scripts running in the context of the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id14526
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14526
    titleGLSA-200406-15 : Usermin: Multiple vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-526.NASL
    descriptionTwo vulnerabilities were discovered in webmin : CAN-2004-0582: Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module. CAN-2004-0583: The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute-force attack to guess user IDs and passwords.
    last seen2020-06-01
    modified2020-06-02
    plugin id15363
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15363
    titleDebian DSA-526-1 : webmin - several vulnerabilities