CVE-1999-1074 Information

Description

Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username which could allow remote attackers to gain privileges via brute force password cracking.

Reference

http://www.securityfocus.com/archive/1/9138 http://www.securityfocus.com/bid/98 http://www.webmin.com/webmin/changes.html