Backdoor found in Webmin, a popular web-based utility for managing Unix servers
Security researchers have uncovered a backdoor in Webmin, a highly popular application for remotely managing Linux servers and other Unix-based systems. Threat actors could use the backdoor to take over machines running Webmin and subsequently target the remote systems being managed via the app.
Webmin is installed on over 1 million machines and the number of systems that are remotely managed through the app may be far larger. A Webmin developer stated that the flaw was the result of “malicious code injected into compromised build infrastructure.” Earlier this week, the project released a new version of the tool that gets rid of the backdoor.