Summary: A security vulnerability in Webmin versions 2.202 and below allows attackers to bypass SSL certificate authentication, potentially granting unauthorized access to sensitive systems. This flaw arises from Webmin’s mishandling of SSL certificates when remote IP addresses from proxies are trusted. Users are urged to upgrade to version 2.301 or later and to adjust their IP Access Control settings as a precautionary measure.
Affected: Webmin (versions 2.202 and below)
Key points:
- Vulnerability allows bypassing of SSL certificate authentication.
- Affects approximately 1,000,000 servers utilizing Webmin.
- Users should upgrade to version 2.301 or later to mitigate risks.
- As a precaution, disable “Trust level for proxy headers” in the IP Access Control settings.
- Reported by Tatsu Taki from JPCERT/CC.
Source: https://securityonline.info/webmin-vulnerability-allows-bypassing-of-ssl-certificate-authentication/