Backdoors in Webmin
Backdoors in Webmin
[Security] Posted Aug 22, 2019 13:14 UTC (Thu) by corbet
Anybody using Webmin, a web-based
system-administration tool, will want to update now, as it turns out that
the system has been
backdoored for over a year. "At some time in April 2018, the
Webmin development build server was exploited and a vulnerability added to
the password_change.cgi script. Because the timestamp on the file was set
back, it did not show up in any Git diffs. This was included in the Webmin
1.890 release.
"