Impact
The Webmin HTTP server (miniserv.pl) contains an authentication bypass that allows an attacker to forge HTTP headers and impersonate any user whose account is linked to an SSL client certificate. By spoofing certificate subject names (DNs) in the header, an unauthenticated attacker can obtain session tokens that are normally restricted to legitimate certificate holders, effectively gaining the privileges of that user. The weakness is a classic example of improper authentication enforcement (CWE‑290).
Affected Systems
All installations of Webmin prior to release 2.641 are vulnerable. The flaw applies to any version of the Webmin suite that supports SSL client certificate authentication, regardless of the operating system or environment. The affected component is the miniserv.pl HTTP server handling SSL client certificates.
Risk and Exploitability
With a CVSS score of 9.2 the vulnerability is considered critical. The EPSS score is currently unavailable, and the vulnerability is not listed in the CISA KEV catalog. An attacker needs only to send a crafted HTTP request over the network to the Webmin server; no local access or privileged credentials are required. The attack path is purely remote, making the potential impact immediate and widespread if the Webmin instance is exposed to the internet or a compromised internal network.
OpenCVE Enrichment