Potential exploit/Potential hack attempt

SYSTEM INFORMATION
OS type and version: Ubuntu 22.04.4
Webmin version: 2.202

I have lines like this repeated a few times in miniserv.error on a few servers running Webmin or a properly installed Virtualmin:

[11/Sep/2024:03:05:05 +0100] [202.182.122.237] /password_change.cgi : Perl execution failed : Password changing is not enabled! at /usr/share/webmin/password_change.cgi line 12.

Has someone found a possible way into Webmin by using this script? I’m guessing password changing is not possible without the user logged in, but the attempts are logged, so someone believes there is a chance to change passwords this way.

Don’t cry wolf!

This is not a potential exploit!!

What is it then?

How would I know from the limited data that you have offered? It could be merely a script kiddie somewhere trying his luck.

That is why the word potential is there, meaning there is a possibility that some code is attempted to be manipulated. So what further details do you want?

1 Like

If the word ‘potential’ is intended to be used the way you describe it to be then the correct caption for you to use would be ‘Potential hack attempt’ rather than the more alarming ‘Potential exploit’ that you have used as the topic of this thread.

I’ll ask again, so what further details do you want to know?

1 Like

Most probably a script kiddie still meta-sploiting old Webmin versions. There used to be a CVE which should be fixed meanwhile… As far as I know this was a supply chain attack where a backdoor was implemented in a default installation.

3 Likes

Thanks for that

As it turns out it was an old exploit

Old exploit, five years old. Not a potential exploit at all.
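
Added example, not part of the original thread and not Webmin's own code: a small Python triage script that groups the `/password_change.cgi` entries in miniserv.error by client IP and separates those that ended in the "Password changing is not enabled!" rejection from any others. The line layout is taken from the log line quoted in the first post; the sample lines, IP addresses and function names are constructed for illustration, and treating other messages as worth a manual look is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout taken from the miniserv.error line quoted in the first post:
# [timestamp] [client ip] /path : message
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<ip>[^\]]+)\] (?P<path>\S+) : (?P<msg>.*)$")
TARGET = "/password_change.cgi"
REJECTED = "Password changing is not enabled!"

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE = """\
[11/Sep/2024:03:05:05 +0100] [192.0.2.10] /password_change.cgi : Perl execution failed : Password changing is not enabled! at /usr/share/webmin/password_change.cgi line 12.
[11/Sep/2024:03:05:09 +0100] [192.0.2.10] /password_change.cgi : Perl execution failed : Password changing is not enabled! at /usr/share/webmin/password_change.cgi line 12.
[11/Sep/2024:04:10:00 +0100] [198.51.100.7] /password_change.cgi : Some other error
[11/Sep/2024:04:11:00 +0100] [198.51.100.7] /index.cgi : Unrelated error
this line does not match the layout
"""

def summarize_probes(lines):
    """Group password_change.cgi entries by client IP."""
    report = defaultdict(lambda: {"rejected": 0, "other": 0, "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["path"].split("?")[0] != TARGET:
            continue  # unparseable line or a different script
        try:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # timestamp not in the expected format
        entry = report[m["ip"]]
        entry["rejected" if REJECTED in m["msg"] else "other"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(report)

def needs_review(report):
    """IPs whose entries did not all end in the 'not enabled' rejection (assumed worth a manual look)."""
    return sorted(ip for ip, e in report.items() if e["other"])

if __name__ == "__main__":
    rep = summarize_probes(SAMPLE.splitlines())
    for ip, e in sorted(rep.items()):
        print(ip, e["rejected"], e["other"], e["first"].isoformat(), e["last"].isoformat())
    print("review:", needs_review(rep))
```

To run it against a real log, pass the open file object to `summarize_probes` in place of the constructed sample.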
