webmin
Webmin build infrastructure compromise inserts backdoor (2019)
Webmin's build infrastructure was compromised, and attackers modified useradmin/password_change.cgi before official releases were produced. The inserted backdoor enabled unauthenticated remote command execution through the password change form. It shipped in multiple signed-looking releases over several months before users publicly discovered it.
- Date: 2019-04-17 to 2019-08-17
- Category: Open Source
- Target Surface: Distribution
- Insertion Phase: source
- Impact: Backdoor
- Cause: Compromised Infrastructure
What Was Affected
Package: webmin
Language: Perl
Component: Daemon
Artifact type: source archive
Domain type: project download host
Domain: webmin.com
Compromised Versions
- 1.89
- 1.9
- 1.91
- 1.92
Incident Context
- Motive: Unauthorized Access/Control
- Attribution: Individual Hacker
- Observed Duration: 122 days
Evidence
Compromised Artifacts
- sourceforge.net/projects/webadmin/files/webmin/1.920/webmin-1.920.tar.gz/download
- prdownloads.sourceforge.net/webadmin/webmin-1.890.tar.gz
Current Artifacts and Analysis
Indicators and Changes
Hashes
- sha256:049286261fbcd846142014f4a7782ab3243b1a7ae816a57468f5d2f8c2199b0c
- md5:7e1d72249a9eec92f9c9dc69dcfbffb3
External References
Source Data
Source record: oss/webmin/2019/meta.yaml