{"api_version":"1","generated_at":"2026-04-23T10:40:36+00:00","cve":"CVE-2002-0757","urls":{"html":"https://cve.report/CVE-2002-0757","api":"https://cve.report/api/cve/CVE-2002-0757.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2002-0757","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2002-0757"},"summary":{"title":"CVE-2002-0757","description":"(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.","state":"PUBLISHED","assigner":"mitre","published_at":"2002-08-12 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.iss.net/security_center/static/9037.php","name":"http://www.iss.net/security_center/static/9037.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"ISS X-Force Database: webmin-usermin-sessionid-spoof (9037): Webmin and Usermin could allow an attacker to spoof a session ID","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/4700","name":"http://www.securityfocus.com/bid/4700","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Webmin / Usermin Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php","name":"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://online.securityfocus.com/archive/1/271466","name":"http://online.securityfocus.com/archive/1/271466","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"],"title":"SecurityFocus HOME Mailing List: BugTraq","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2002-0757","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-0757","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2002","cve_id":"757","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"usermin","cpe5":"usermin","cpe6":"0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"757","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"usermin","cpe5":"usermin","cpe6":"0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"757","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"usermin","cpe5":"usermin","cpe6":"0.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"757","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"webmin","cpe5":"webmin","cpe6":"0.91","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"757","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"webmin","cpe5":"webmin","cpe6":"0.92","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"757","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"webmin","cpe5":"webmin","cpe6":"0.92.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"757","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"webmin","cpe5":"webmin","cpe6":"0.93","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"757","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"webmin","cpe5":"webmin","cpe6":"0.94","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"757","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"webmin","cpe5":"webmin","cpe6":"0.95","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"757","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"webmin","cpe5":"webmin","cpe6":"0.96","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T03:03:47.946Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"webmin-usermin-sessionid-spoof(9037)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"http://www.iss.net/security_center/static/9037.php"},{"name":"4700","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/4700"},{"name":"MDKSA-2002:033","tags":["vendor-advisory","x_refsource_MANDRAKE","x_transferred"],"url":"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php"},{"name":"20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://online.securityfocus.com/archive/1/271466"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2002-05-08T00:00:00.000Z","descriptions":[{"lang":"en","value":"(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2002-07-31T09:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"webmin-usermin-sessionid-spoof(9037)","tags":["vdb-entry","x_refsource_XF"],"url":"http://www.iss.net/security_center/static/9037.php"},{"name":"4700","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/4700"},{"name":"MDKSA-2002:033","tags":["vendor-advisory","x_refsource_MANDRAKE"],"url":"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php"},{"name":"20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://online.securityfocus.com/archive/1/271466"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2002-0757","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"webmin-usermin-sessionid-spoof(9037)","refsource":"XF","url":"http://www.iss.net/security_center/static/9037.php"},{"name":"4700","refsource":"BID","url":"http://www.securityfocus.com/bid/4700"},{"name":"MDKSA-2002:033","refsource":"MANDRAKE","url":"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php"},{"name":"20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability","refsource":"BUGTRAQ","url":"http://online.securityfocus.com/archive/1/271466"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2002-0757","datePublished":"2002-07-26T04:00:00.000Z","dateReserved":"2002-07-25T00:00:00.000Z","dateUpdated":"2024-08-08T03:03:47.946Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2002-08-12 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":true,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*","matchCriteriaId":"CD343610-8BE2-4916-AF30-66B21330D84C"},{"vulnerable":true,"criteria":"cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*","matchCriteriaId":"0D54B4D9-5218-41F9-A701-F960199EE520"},{"vulnerable":true,"criteria":"cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*","matchCriteriaId":"B352FF6B-989C-4540-B434-9452851F745C"},{"vulnerable":true,"criteria":"cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*","matchCriteriaId":"0B0813F3-1886-481E-8822-4BD199C4934F"},{"vulnerable":true,"criteria":"cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*","matchCriteriaId":"6D25A7CA-ED9D-4562-8965-D4906D1BE5FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*","matchCriteriaId":"C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*","matchCriteriaId":"C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*","matchCriteriaId":"82EE7A9B-5688-4933-95B9-476873D44A65"},{"vulnerable":true,"criteria":"cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*","matchCriteriaId":"30A57D7A-B989-4D82-B667-029A245AA6D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*","matchCriteriaId":"C664186B-DD40-490B-B2DE-4279B00102F2"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2002","CveId":"757","Ordinal":"1","Title":"CVE-2002-0757","CVE":"CVE-2002-0757","Year":"2002"},"notes":[{"CveYear":"2002","CveId":"757","Ordinal":"1","NoteData":"(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.","Type":"Description","Title":"CVE-2002-0757"},{"CveYear":"2002","CveId":"757","Ordinal":"2","NoteData":"2002-07-26","Type":"Other","Title":"Published"},{"CveYear":"2002","CveId":"757","Ordinal":"3","NoteData":"2002-07-31","Type":"Other","Title":"Modified"}]}}}