CVE-2002-0757
 
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
Webmin 0.96 y Usermin 0.90 con tiempo de espera para contraseñas habilitado, permite a atacantes locales y posiblemente a remotos, evitar la autenticación y obtener privilegios mediante ciertos caracteres de control en la información de autenticación, que podría forzar a Webmin o Usermin a aceptar combinaciones arbitrarias de usuario/sesión (username/session ID).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2002-07-25 CVE Reserved
- 2002-07-26 CVE Published
- 2023-12-04 EPSS Updated
- 2024-08-08 CVE Updated
- 2024-08-08 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (4)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
http://online.securityfocus.com/archive/1/271466 | 2024-08-08 |
URL | Date | SRC |
---|---|---|
http://www.iss.net/security_center/static/9037.php | 2008-09-05 | |
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php | 2008-09-05 | |
http://www.securityfocus.com/bid/4700 | 2008-09-05 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.7 Search vendor "Usermin" for product "Usermin" and version "0.7" | - |
Affected
| ||||||
Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.8 Search vendor "Usermin" for product "Usermin" and version "0.8" | - |
Affected
| ||||||
Usermin Search vendor "Usermin" | Usermin Search vendor "Usermin" for product "Usermin" | 0.9 Search vendor "Usermin" for product "Usermin" and version "0.9" | - |
Affected
| ||||||
Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.91 Search vendor "Webmin" for product "Webmin" and version "0.91" | - |
Affected
| ||||||
Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.92 Search vendor "Webmin" for product "Webmin" and version "0.92" | - |
Affected
| ||||||
Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.92.1 Search vendor "Webmin" for product "Webmin" and version "0.92.1" | - |
Affected
| ||||||
Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.93 Search vendor "Webmin" for product "Webmin" and version "0.93" | - |
Affected
| ||||||
Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.94 Search vendor "Webmin" for product "Webmin" and version "0.94" | - |
Affected
| ||||||
Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.95 Search vendor "Webmin" for product "Webmin" and version "0.95" | - |
Affected
| ||||||
Webmin Search vendor "Webmin" | Webmin Search vendor "Webmin" for product "Webmin" | 0.96 Search vendor "Webmin" for product "Webmin" and version "0.96" | - |
Affected
|