PUBLISHED DATE: December 31, 2002CVE-2002-1947:
Webmin 0.21 through 1.0...

Description

Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session.

Products

• Webmin 0.21
• Webmin 0.22
• Webmin 0.31
• Webmin 0.41
• Webmin 0.42
• Webmin 0.51
• Webmin 0.76
• Webmin 0.77
• Webmin 0.78
• Webmin 0.79
• Webmin 0.80
• Webmin 0.85
• Webmin 0.88
• Webmin 0.91
• Webmin 0.92
• Webmin 0.93
• Webmin 0.94
• Webmin 0.95
• Webmin 0.96
• Webmin 0.97
• Webmin 0.98
• Webmin 0.99
• Webmin 1.0.00

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2002-1947, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2002-1947 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• https://nvd.nist.gov/vuln/detail/CVE-2002-1947