Insecure Permissions in Webmin 0.92 RPM Installation Could Lead to Session Hijacking

Insecure Permissions in Webmin 0.92 RPM Installation Could Lead to Session Hijacking

CVE-2002-1672 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.

Learn more about our User Device Pen Test.