2005-06-21 04:00:00
mitre
PUBLISHED
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root users cookie-based authentication credentials and possibly hijack the root users session using the credentials.