- Description
- The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "708F7A39-3D58-4E48-AE71-A4892CB742F6"
},
{
"criteria": "cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FE40C73-F154-4F99-B34D-48B1D090CF9D"
},
{
"criteria": "cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BE77AF8-2706-40D4-B094-ECA970F7CE4D"
},
{
"criteria": "cpe:2.3:a:gentoo:webmin:1.170:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0540FAE3-5D20-4417-B6F1-15E8BF856D41"
},
{
"criteria": "cpe:2.3:a:gentoo:webmin:1.170:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE50EE6A-5CD3-4F2A-BBE1-2F32F4FBFAB2"
}
],
"operator": "OR"
}
]
}
]