Webmin Authentication Information Leakage Vulnerability

Webmin Authentication Information Leakage Vulnerability

CVE-2001-1074 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

Learn more about our Cis Benchmark Audit For Server Software.