Webmin v1.920 Unauthenticated Remote Command Execution - Vulnerability Database

Description

Webmin versions 1.890 through 1.920 contain a maliciously inserted backdoor in the source code that enables remote command execution with root privileges. The backdoor was introduced through a compromise of the Webmin build infrastructure and was not an accidental coding error. While version 1.890 was exploitable in default configurations, versions 1.900-1.920 required specific non-default settings to be vulnerable. This supply chain attack affected all users who downloaded and installed these compromised versions.

Remediation

Immediate action is required for all affected installations:

Primary Solution: Upgrade to Webmin version 1.930 or later, which removes the malicious code. Download only from official sources and verify package integrity.

Temporary Workaround (for versions 1.900-1.920 only):
1. Edit the configuration file:
   sudo nano /etc/webmin/miniserv.conf
2. Locate and remove any line containing:
   passwd_mode=
3. Save the file and restart Webmin:
   sudo /etc/webmin/restart
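
The version ranges and the workaround above can be turned into a repeatable check. The script below is an added example, not Webmin or vendor code: it classifies an install from its version string and miniserv.conf, and applies the passwd_mode= removal with a backup. The function names, status words and sample config values are hypothetical.

```shell
#!/bin/sh
# Added example (not Webmin or vendor code). Version ranges and the
# passwd_mode= check come from the advisory text above.

# Classify VERSION (e.g. 1.920) plus a miniserv.conf path; prints one word.
webmin_backdoor_status() {
    version=$1 conf=$2
    printf '%s\n' "$version" | grep -Eq '^[0-9]+\.[0-9]+$' ||
        { echo "unknown-version"; return 0; }
    major=${version%%.*} minor=${version#*.}
    if [ "$major" -ne 1 ] || [ "$minor" -lt 890 ] || [ "$minor" -gt 920 ]; then
        echo "not-affected"
    elif [ "$minor" -lt 900 ]; then
        # 1.890: exploitable in the default configuration.
        # Assumption: anything between 1.890 and 1.900 is treated the same.
        echo "exposed-default-config"
    elif [ ! -r "$conf" ]; then
        echo "config-unreadable"
    elif grep -q 'passwd_mode=' "$conf"; then
        echo "exposed-passwd-mode-set"
    else
        echo "backdoored-setting-absent"   # still upgrade to 1.930 or later
    fi
}

# Temporary workaround for 1.900-1.920: drop every line containing
# passwd_mode=, keeping a backup. Restarting Webmin is left to the caller.
remove_passwd_mode() {
    conf=$1
    cp -p "$conf" "$conf.bak" || return 1
    # grep -v exits 1 when no lines remain; only >1 is a real error.
    grep -v 'passwd_mode=' "$conf.bak" > "$conf" || [ $? -eq 1 ]
}

# Demo on a constructed config (values are made up, not from a real host).
demo_dir=$(mktemp -d)
printf 'port=10000\nssl=1\npasswd_mode=2\n' > "$demo_dir/miniserv.conf"
webmin_backdoor_status 1.920 "$demo_dir/miniserv.conf"
remove_passwd_mode "$demo_dir/miniserv.conf"
webmin_backdoor_status 1.920 "$demo_dir/miniserv.conf"
rm -rf "$demo_dir"
```

On a live host the config path is /etc/webmin/miniserv.conf as given above; reading the installed version from /etc/webmin/version is an assumption about the install layout.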

Post-Remediation: Conduct a thorough security audit of affected systems, review logs for suspicious activity, rotate all credentials, and consider the system potentially compromised until verified clean.
