Insecure Permissions in Webmin 0.92 RPM Installation Could Lead to Session Hijacking
CVE-2002-1672 · LOW Severity
AV:L/AC:L/AU:N/C:P/I:N/A:N
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.
Learn more about our User Device Pen Test.