lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200412231035.00600.mm@mewes.tv>
Date: Thu, 23 Dec 2004 10:34:59 +0100
From: Martin Mewes <mm@...es.tv>
To: bugtraq@...urityfocus.com
Cc: jcameron@...min.com, DiAblo_2@....net.il,
	webadmin-list@...ts.sourceforge.net
Subject: [webmin-l] Re: Webmin BruteForce + Command execution - By Di42lo <DiAblo_2@....net.il>


Hello,

amit sides <DiAblo_2@....net.il> wrote :
> #!/usr/bin/perl
> ##
> # Webmin BruteForce + Command execution - By Di42lo
> <DiAblo_2@....net.il> #
> # usage
> # ./bruteforce.webmin.pl <host> <command>
[...]

this is a message from the maintainer ...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I haven't seen this one before - but it would be blocked by Webmin's
password timeouts feature. However, this feature (surprisingly!) isn't
enabled by default ... 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On behalf of the maintainer I appreciate every input to secure the 
software to its extend. Future versions of Webmin (if needed Usermin 
too) will have this feature enabled by default.

With this we encourage everyone using Webmin to enable this feature to 
avoid a possible break-in.

Again, we would like to tell the OP of this that it would be really nice 
to know first about such issues, so we are ablte to / can do a 
(full-)disclosure on items.
   
   
bis dahin/kind regards
   
Martin Mewes - Webmin Translation Team
   
-- 
I'm not really out of the office. I'm just ignoring you.


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
-
Forwarded by the Webmin mailing list at webadmin-list@...ts.sourceforge.net
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ