
Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers

August 20, 2019

Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project’s maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers.

Instead, it was secretly planted by an unknown hacker who managed to inject a backdoor at some point into the project's build infrastructure. The backdoor persisted into various releases of Webmin (1.882 through 1.921) and remained hidden for over a year.


With over 3 million downloads per year, Webmin is the world’s most popular open-source web-based application for managing Unix-based systems, such as Linux, FreeBSD, or OpenBSD servers.

Webmin offers a simple user interface (UI) to manage users and groups, databases, BIND, Apache, Postfix, Sendmail, QMail, backups, firewalls, monitoring and alerts, and much more.

The story started when Turkish researcher Özkan Mustafa Akkuş publicly presented a zero-day remote code execution vulnerability in Webmin at DefCon on August 10, without giving any advance notice to the affected project maintainers.

“We received no advance notification of it, which is unusual and unethical on the part of the researcher who discovered it. But, in such cases there’s nothing we can do but fix it ASAP,” said Joe Cooper, one of the project’s developers.

Besides revealing the flaw to the public, Akkuş also released a Metasploit module for this vulnerability that aims to automate the exploitation using the Metasploit framework.

The vulnerability, tracked as CVE-2019-15107, was introduced in a security feature designed to let Webmin administrators enforce a password expiration policy for other users’ accounts.

According to the researcher, the security flaw resides in the password reset page and allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges on affected servers just by adding a simple pipe command (“|”) in the old password field through POST requests.

In a blog post published today, Cooper said that the team is still investigating how and when the backdoor was introduced, but confirmed that the official Webmin downloads were replaced by the backdoored packages only on the project’s SourceForge repository, and not on Webmin’s GitHub repositories.
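The divergence described above, a distributed package that no longer matches the source repository, is what a release-versus-source comparison surfaces. The following is an added example, not code from the article or the Webmin project; the archive contents and file names are constructed stand-ins.

```python
import hashlib
import io
import tarfile

def tree_digests(archive_bytes):
    """Map each regular file in a .tar.gz (top-level dir stripped) to its SHA-256."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar:
            if member.isfile():
                rel = member.name.split("/", 1)[-1]
                data = tar.extractfile(member).read()
                digests[rel] = hashlib.sha256(data).hexdigest()
    return digests

def compare(release_bytes, reference_bytes):
    """Return files that are modified in, or exist only in, the release."""
    release, reference = tree_digests(release_bytes), tree_digests(reference_bytes)
    modified = sorted(p for p in release if p in reference and release[p] != reference[p])
    only_in_release = sorted(p for p in release if p not in reference)
    return {"modified": modified, "only_in_release": only_in_release}

def make_archive(top, files):
    """Build an in-memory .tar.gz for the demo (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(f"{top}/{name}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

# Constructed stand-ins: file names and contents are hypothetical.
REFERENCE = make_archive("src-tag", {"login.cgi": b"check();\n", "README": b"docs\n"})
RELEASE = make_archive("pkg-1.0", {"login.cgi": b"check(); extra();\n",
                                   "README": b"docs\n", "version": b"1.0\n"})

if __name__ == "__main__":
    print(compare(RELEASE, REFERENCE))
```

Release archives often carry generated files that are absent from the repository, so `only_in_release` entries need review, while every `modified` entry needs an explanation.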

Cooper also stressed that the affected password expiration feature doesn’t come enabled by default for Webmin accounts, which means that most versions are not vulnerable in their default configuration, and the flaw only affects Webmin admins who have manually enabled this feature.

“To exploit the malicious code, your Webmin installation must have Webmin → Webmin Configuration → Authentication → Password expiry policy set to Prompt users with expired passwords to enter a new one. This option is not set by default, but if it is set, it allows remote code execution,” Cooper said.

However, another security researcher on Twitter later revealed that Webmin version 1.890 is affected in the default configuration, as the hackers appear to have modified the source code to enable the password expiration feature by default for all Webmin users.
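A defender-side check for the conditions described above, as an added example that is not from the article or the Webmin project: it classifies an installation from its version string and `miniserv.conf` contents. It assumes three-digit minor version numbers and that the expiry-prompt option is stored as `passwd_mode=2`; the sample configuration is constructed.

```python
import re

# Facts taken from the article: backdoored releases span 1.882 through 1.921,
# and 1.890 is exploitable in its default configuration.
FIRST_BAD, LAST_BAD, DEFAULT_EXPOSED = (1, 882), (1, 921), (1, 890)

def parse_version(text):
    """Turn '1.890' (e.g. the contents of a version file) into (1, 890)."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Webmin version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def parse_conf(text):
    """Parse key=value lines (miniserv.conf style), skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def assess(version_text, miniserv_conf_text):
    """Classify one installation; returns a short status string."""
    version = parse_version(version_text)
    if not FIRST_BAD <= version <= LAST_BAD:
        return "outside-backdoored-range"
    if version == DEFAULT_EXPOSED:
        return "exploitable-by-default"
    # Assumption: passwd_mode=2 is how the "prompt users with expired
    # passwords" option is stored in miniserv.conf.
    if parse_conf(miniserv_conf_text).get("passwd_mode") == "2":
        return "exploitable-expiry-prompt-enabled"
    return "backdoored-but-option-disabled"

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = "port=10000\nssl=1\npasswd_mode=2\n"

if __name__ == "__main__":
    for v in ("1.881", "1.890", "1.920", "1.930"):
        print(v, assess(v, SAMPLE_CONF))
```

An installation reported as `backdoored-but-option-disabled` still carries the planted code and should be upgraded to a clean release.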
These unusual changes in the Webmin source code were red-flagged by an administrator late last year, but, surprisingly, Webmin developers never suspected that the changes were not their own mistake and that the code had been modified intentionally by someone else.

According to a Shodan search, Webmin has more than 218,000 Internet-exposed instances available at the time of writing, mostly located in the United States, France, and Germany—of which over 13,000 instances are running vulnerable Webmin version 1.890.

Webmin developers have now removed the malicious backdoor from the software to address the vulnerability and released clean versions, Webmin 1.930 and Usermin version 1.780.

The latest Webmin and Usermin releases also address a handful of cross-site scripting (XSS) vulnerabilities that were responsibly disclosed by a different security researcher who has been rewarded with a bounty.

So, Webmin administrators are strongly recommended to update their packages as soon as possible.


Credit: The Hacker News
