CVE-2002-1947 Information

Description

Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations which allows remote attackers to eavesdrop or highjack the SSL session.

Reference

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-023A06.asc http://www.iss.net/security_center/static/10381.php http://www.securityfocus.com/bid/5936 http://www.webmin.com/changes.html