VULHUB ™

Webmin ships with a built-in SSL key. This SSL key is the same for every installation of a vulnerable version of the software. If SSL is enabled in the Webmin installation, this common key may be used by remote attackers to eavesdrop on or hijack Webmin sessions. This may lead to a complete compromise of the underlying system. It may also be possible to decrypt traffic that is sent during the SSL session.

Webmin ships with a built-in SSL key. This SSL key is the same for every installation of a vulnerable version of the software. If SSL is enabled in the Webmin installation, this common key may be used by remote attackers to eavesdrop on or hijack Webmin sessions. This may lead to a complete compromise of the underlying system. It may also be possible to decrypt traffic that is sent during the SSL session.