CVE-2004-0583 - OpenCVE

The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Usermin	Usermin
Webmin	Webmin

Configuration 1 [-]

OR	cpe:2.3:a:usermin:usermin:1.070:::::::*
	cpe:2.3:a:webmin:webmin:1.1.40:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:3.0:::::::*
	cpe:2.3:o:debian:debian_linux:3.0::alpha:::::
	cpe:2.3:o:debian:debian_linux:3.0::arm:::::
	cpe:2.3:o:debian:debian_linux:3.0::hppa:::::
	cpe:2.3:o:debian:debian_linux:3.0::ia-32:::::
	cpe:2.3:o:debian:debian_linux:3.0::ia-64:::::
	cpe:2.3:o:debian:debian_linux:3.0::m68k:::::
	cpe:2.3:o:debian:debian_linux:3.0::mips:::::
	cpe:2.3:o:debian:debian_linux:3.0::mipsel:::::
	cpe:2.3:o:debian:debian_linux:3.0::ppc:::::
	cpe:2.3:o:debian:debian_linux:3.0::s-390:::::
	cpe:2.3:o:debian:debian_linux:3.0::sparc:::::

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=108737059313829&w=2
http://www.debian.org/security/2004/dsa-526
http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml
http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074
http://www.securityfocus.com/bid/10474
http://www.securityfocus.com/bid/10523
http://www.webmin.com/changes-1.150.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/16334

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-06-23T04:00:00

Updated: 2024-08-08T00:24:26.063Z

Reserved: 2004-06-18T00:00:00

Link: CVE-2004-0583

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-08-06T04:00:00.000

Modified: 2017-07-11T01:30:16.853

Link: CVE-2004-0583

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-06-11T00:00:00", "descriptions": [{"lang": "en", "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "10474", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10474"}, {"name": "DSA-526", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2004/dsa-526"}, {"name": "webmin-username-password-dos(16334)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"}, {"name": "10523", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10523"}, {"name": "MDKSA-2004:074", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"}, {"name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108737059313829&w=2"}, {"name": "GLSA-200406-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.webmin.com/changes-1.150.html"}, {"name": "GLSA-200406-12", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"}, {"tags": ["x_refsource_MISC"], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0583", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "10474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10474"}, {"name": "DSA-526", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-526"}, {"name": "webmin-username-password-dos(16334)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"}, {"name": "10523", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10523"}, {"name": "MDKSA-2004:074", "refsource": "MANDRAKE", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"}, {"name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108737059313829&w=2"}, {"name": "GLSA-200406-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"}, {"name": "http://www.webmin.com/changes-1.150.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.150.html"}, {"name": "GLSA-200406-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"}, {"name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:24:26.063Z"}, "title": "CVE Program Container", "references": [{"name": "10474", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10474"}, {"name": "DSA-526", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2004/dsa-526"}, {"name": "webmin-username-password-dos(16334)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"}, {"name": "10523", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10523"}, {"name": "MDKSA-2004:074", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"}, {"name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108737059313829&w=2"}, {"name": "GLSA-200406-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.webmin.com/changes-1.150.html"}, {"name": "GLSA-200406-12", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0583", "datePublished": "2004-06-23T04:00:00", "dateReserved": "2004-06-18T00:00:00", "dateUpdated": "2024-08-08T00:24:26.063Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*", "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*", "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*", "matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*", "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*", "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*", "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*", "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*", "matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords."}, {"lang": "es", "value": "La funcionalidad lockout en (1)Webmin 1.140 y (2) Usermin 1.070 no process ciertas cadenas de caract\u00e9reis, lo que permite a atacanetes remotos conducir un ataque de fuerza bruta para averiguar IDs de usuario y contrase\u00f1as."}], "id": "CVE-2004-0583", "lastModified": "2017-07-11T01:30:16.853", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-08-06T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108737059313829&w=2"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-526"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"}, {"source": "cve@mitre.org", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"}, {"source": "cve@mitre.org", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10474"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10523"}, {"source": "cve@mitre.org", "url": "http://www.webmin.com/changes-1.150.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}