It seems that the exploit would only work if you had it set up so that users were allowed to log in with expired passwords, which seems a daft setting.

I have been a webmin user for a few years now, but find I use it less and less as its usefulness declines rapidly as other software changes. I think it is a tool that has had its day, to be honest

On Fri, 6 Sep 2019 at 22:57, Ian Watters <lovingboth@gmail.com> wrote:

One that caught one server in the past month was webmin's, where one
version was hacked with a backdoor would by default let an attacker
run code as root, and later versions could also do so, depending on
how they'd been set up.

http://www.webmin.com/exploit.html

It didn't help that it's easy to let webmin update itself rather than
using the usual Debian apt / apt-get utilities and, if you don't use
it very often, it's easy to miss an update release.

What it did was install something listening to port 59000. As that
port (and almost all others) has always been blocked by the firewall,
it doesn't seem to have done anything bad, but it's rebuild on a fresh
VPS and destroy it time.

Ian, knowing that Andy has always disliked webmin...

_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users