Unrated severityNVD Advisory· Published Sep 22, 2005· Updated Apr 16, 2026

CVE-2005-3042

Description

miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

Affected products

Usermin/Usermin
cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*
Webmin/Webmin
cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2005-09/0257.htmlnvdPatchVendor Advisory
secunia.com/advisories/16858nvdPatchVendor Advisory
www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.htmlnvdPatchVendor Advisory
www.webmin.com/changes-1.230.htmlnvdPatch
jvn.jp/jp/JVN%2340940493/index.htmlnvd
secunia.com/advisories/17282nvd
securityreason.com/securityalert/17nvd
www.gentoo.org/security/en/glsa/glsa-200509-17.xmlnvd
www.mandriva.com/security/advisoriesnvd
www.novell.com/linux/security/advisories/2005_24_sr.htmlnvd
www.osvdb.org/19575nvd
www.securityfocus.com/bid/14889nvd
www.vupen.com/english/advisories/2005/1791nvd
www.webmin.com/uchanges-1.160.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000