CVE-2004-0583

NameCVE-2004-0583
DescriptionThe account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-526
NVD severitymedium (attack range: remote)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
userminsource(unstable)1.090-1medium
webminsource(unstable)1.150-1medium
webminsourcewoody0.94-7woody2mediumDSA-526

Search for package or bug name: Reporting problems