CVE-2002-1672 Information

Description

Webmin 0.92 when installed from an RPM creates /var/webmin with insecure permissions (world readable) which could allow local users to read the root user’s cookie-based authentication credentials and possibly hijack the root user’s session using the credentials.

Reference

http://online.securityfocus.com/archive/1/263181 http://www.securityfocus.com/bid/4328 http://www.webmin.com/changes.html https://exchange.xforce.ibmcloud.com/vulnerabilities/8595