Exploits on Webmin 1.8xx and earlier


Developers have just announced the release of Webmin 1.930, which includes some important security fixes. If you have an older Webmin version, please update urgently to ensure your server remains secure.

In particular, they described an exploit that is fairly major.

Should your install be too old to update, you can fix the bug by editing /etc/webmin/miniserv.conf, removing the passwd_mode= line, and then restarting the webmin service. A quick and easy shell script for this would be:

sed -i '/^passwd_mode=/d' /etc/webmin/miniserv.conf
service webmin restart
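
A more careful version of the same workaround, as an added example that is not from the Webmin developers or the original post: it keeps a backup, changes the file only when the line is present, and verifies the result so the restart can be made conditional. The function name `remove_passwd_mode` and the backup naming are assumptions.

```shell
#!/bin/sh
# Added example: idempotent version of the passwd_mode workaround.
# remove_passwd_mode is a hypothetical helper name, not part of Webmin.

# Remove every passwd_mode= line from the given miniserv.conf.
# Returns 0 if the file was changed, 1 if nothing needed changing,
# 2 on error. A timestamped backup is kept next to the original.
remove_passwd_mode() {
    conf="$1"
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }

    # Nothing to do if the setting is absent.
    grep -q '^passwd_mode=' "$conf" || return 1

    backup="$conf.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$conf" "$backup" || return 2

    # Filter into a temp file, then overwrite in place so the original
    # file's owner and permissions are kept.
    tmp="$(mktemp "$conf.XXXXXX")" || return 2
    sed '/^passwd_mode=/d' "$backup" > "$tmp" || return 2
    cat "$tmp" > "$conf" && rm -f "$tmp" || return 2

    # Verify the line is really gone before reporting success.
    if grep -q '^passwd_mode=' "$conf"; then
        return 2
    fi
    echo "removed passwd_mode from $conf (backup: $backup)"
    return 0
}

# Real use (as root), restarting only when the file changed:
#   remove_passwd_mode /etc/webmin/miniserv.conf && service webmin restart
```

A second run returns 1 and leaves the file alone, so the script is safe to push to many servers at once.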

If you need a hand with any of this, pop in a ticket and we can help out.