|
|
Subscribe / Log in / New account

Backdoors in Webmin

Backdoors in Webmin

[Security] Posted Aug 22, 2019 13:14 UTC (Thu) by corbet

Anybody using Webmin, a web-based system-administration tool, will want to update now, as it turns out that the system has been backdoored for over a year. "At some time in April 2018, the Webmin development build server was exploited and a vulnerability added to the password_change.cgi script. Because the timestamp on the file was set back, it did not show up in any Git diffs. This was included in the Webmin 1.890 release."

Comments (24 posted)


Copyright © 2019, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds