CVE-2004-0583 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-0583
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0583

Description: The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/16334 MISC http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html MANDRAKE http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml DEBIAN http://www.debian.org/security/2004/dsa-526 CONFIRM http://www.webmin.com/changes-1.150.html BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=108737059313829&w=2 BID 10474 10523

Return to the previous page.