Vulnerability Name:

CVE-2004-0583 (CCN-16334)

Assigned:2004-06-07
Published:2004-06-07
Updated:2017-07-11
Summary:The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2004-0583

Source: BUGTRAQ
Type: UNKNOWN
20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability

Source: CCN
Type: CIAC Information Bulletin 0-173
Debian Webmin Vulnerabilities

Source: DEBIAN
Type: UNKNOWN
DSA-526

Source: DEBIAN
Type: DSA-526
webmin -- several vulnerabilities

Source: CCN
Type: GLSA-200406-12
Webmin: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200406-12

Source: CCN
Type: GLSA-200406-15
Usermin: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200406-15

Source: MISC
Type: UNKNOWN
http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html

Source: CCN
Type: GLSA 200406-12
Webmin: Multiple vulnerabilities

Source: CCN
Type: GLSA 200406-15
Usermin: Multiple vulnerabilities

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:074

Source: CCN
Type: OSVDB ID: 6729
Webmin Arbitrary Account Lock DoS

Source: BID
Type: Patch, Vendor Advisory
10474

Source: CCN
Type: BID-10474
Webmin Multiple Unspecified Vulnerabilities

Source: CCN
Type: BID-10521
Usermin HTML Email Script Code Execution Vulnerability

Source: BID
Type: Patch, Vendor Advisory
10523

Source: CCN
Type: BID-10523
Webmin And Usermin Account Lockout Bypass Vulnerability

Source: CCN
Type: TLSA-2005-20
Multiple vulnerabilities exist in webmin

Source: CONFIRM
Type: UNKNOWN
http://www.webmin.com/changes-1.150.html

Source: CCN
Type: Webmin Web site
Downloading and Installing

Source: XF
Type: UNKNOWN
webmin-username-password-dos(16334)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:usermin:usermin:1.070:*:*:*:*:*:*:*
  • OR cpe:/a:webmin:webmin:1.1.40:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:gentoo:webmin:1.140:*:*:*:*:*:*:*
  AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.debian:def:526 | V | several vulnerabilities | 2004-07-03