Get a Pentest and security assessment of your IT network.

Cyber Security

Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers

Security researcher ..zkan Mustafa Akku.. presented zero-day remote code execution vulnerability in Webmin at DefCon on August 10. The vulnerability, tracked as CVE-2019-15107, was introduced in a security feature that has been designed to let Webmin administrator enforce a password expiration policy for other users’ accounts. Attackers can execute arbitrary commands with root privileges on affected servers just by adding a simple pipe command (“|”) in the old password field through POST requests. Webmin developers have removed the malicious backdoor in its software to address the vulnerability and released the clean versions.

Source: https://thehackernews.com/2019/08/webmin-vulnerability-hacking.html

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation