Open Source Webmin had Backdoor for More Than a Year
Webmin developers have disclosed that the critical zero-day vulnerability found last week wasn't a flaw; it was planted by a hacker.
Someone planted a backdoor into the build infrastructure of Webmin, and it remained undetected in versions 1.882 through 1.921.
Researcher Özkan Mustafa Akkuş, who discovered the vulnerability, did not inform the project about the backdoor and publicly disclosed it at DefCon.
Joe Cooper, one of Webmin's developers, called it an unethical practice that gave the project no time to work on a fix to protect users.
Akkuş also released a Metasploit module to exploit the vulnerability.
Webmin developers fixed the flaw by removing the backdoor. Webmin is a popular open-source web-based application for managing Unix-based systems.
08/28/2019