1. Introduction
Webmin 1.840 is a web-based system administration tool for Unix and Linux systems. This vulnerability allows an unauthenticated attacker to read arbitrary files on the server, potentially exposing sensitive information like passwords or configuration data. Systems running Webmin versions 1.840 or 1.880 are affected. A successful exploit could lead to confidentiality breaches.
2. Technical Explanation
The vulnerability stems from a lack of proper access control when handling file requests within Webmin. Specifically, the ‘Can view any files as a log’ option allows unrestricted access to system files if enabled. An attacker can craft a URL that bypasses intended restrictions and reads arbitrary files on the server. CVE-2018-8712 describes this issue.
- Root cause: The Webmin configuration permits viewing any file as a log without sufficient restriction.
- Exploit mechanism: An attacker sends an HTTP request to a specific Webmin URL, manipulating parameters to access files outside the intended log directory. For example, accessing /webmin/config/system.conf could reveal system settings.
- Scope: Webmin versions 1.840 and 1.880 are known to be affected.
3. Detection and Assessment
Confirming exposure requires checking the installed Webmin version; a thorough assessment also involves attempting to read a sensitive file.
- Quick checks: Check the Webmin version via the web interface under ‘System Information’ or use the command webmin -v if available.
- Scanning: Nessus plugin ID 11964 and OpenVAS scanner can detect this vulnerability, but rely on self-reported versions.
- Logs and evidence: Webmin logs may show access attempts to unusual files, though successful exploitation might not be logged directly. Check /var/log/webmin/ for relevant entries.
4. Solution / Remediation Steps
The fix involves disabling the ‘Can view any files as a log’ option in Webmin’s configuration.
4.1 Preparation
- Take a backup of your Webmin configuration directory (typically /etc/webmin).
- Stop the Webmin service if possible, though it is not strictly required.
- A roll-back plan involves restoring the backed-up configuration.
- No dependencies are needed. Change windows may be required depending on business impact.
4.2 Implementation
- Step 1: Log in to the Webmin web interface as an administrator.
- Step 2: Navigate to ‘System’ -> ‘Authentication’.
- Step 3: Select the ‘Can view any files as a log’ option and set it to ‘No’.
- Step 4: Save the changes.
4.3 Config or Code Example
Before:
auth_file_view = 1;
After:
auth_file_view = 0;
4.4 Security Practices Relevant to This Vulnerability
- Practice 1: Least privilege – limiting access rights reduces the impact if an attacker gains unauthorized access.
- Practice 2: Secure Defaults – configuring Webmin with restrictive default settings minimizes the attack surface.
4.5 Automation (Optional)
# Example using webmin-module to modify config file (requires module installation)
# This is an example only; test thoroughly before use!
# webmin-module -m config -s auth_file_view=0
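An added configuration audit covering the before/after setting in 4.3, the automation in 4.5 and the post-fix check in section 5 (example code written for this page, not from the advisory or the Webmin project): it parses the auth_file_view line in the form the advisory shows, flags the exposed setting (optionally only for the affected 1.840/1.880 releases), and rewrites it to 0 after taking a backup copy. The key name and line syntax are assumed to be as the advisory prints them; the sample config is constructed.

```python
# Added example for this advisory, not code from the page or the Webmin project.
# Key name and `key = value;` form are as the advisory shows; plain key=value also parses.
import re
import shutil
from pathlib import Path
from typing import Optional

AFFECTED_VERSIONS = {"1.840", "1.880"}  # releases named in the advisory
SETTING = "auth_file_view"
LINE_RE = re.compile(r"^\s*(\w+)\s*=\s*([^;#]*?)\s*;?\s*(?:#.*)?$")

# Constructed sample config, not a real /etc/webmin file.
SAMPLE_CONFIG = """# webmin config (constructed sample)
auth_file_view = 1;
other_option = yes;
"""

def parse_config(text: str) -> dict:
    """Parse `key = value;` (or key=value) lines into a dict; blanks and comments are skipped."""
    cfg = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def is_exposed(cfg: dict, version: Optional[str] = None) -> bool:
    """True when 'Can view any files as a log' is enabled; a version, if given,
    limits the finding to the releases the advisory lists as affected."""
    enabled = cfg.get(SETTING, "0").strip() == "1"
    return enabled if version is None else enabled and version in AFFECTED_VERSIONS

def remediate_text(text: str) -> str:
    """Return the config text with auth_file_view switched from 1 to 0; other lines untouched."""
    return re.sub(rf"^(\s*{SETTING}\s*=\s*)1\b", r"\g<1>0", text, flags=re.M)

def remediate_file(path: Path) -> bool:
    """Back up the file as <name>.bak and apply the fix; returns True if the file changed."""
    original = path.read_text()
    if not is_exposed(parse_config(original)):
        return False
    shutil.copy2(path, path.with_name(path.name + ".bak"))  # roll-back copy
    path.write_text(remediate_text(original))
    return True
```

Run remediate_file against a copy of the configuration first; the .bak copy is the roll-back artefact referred to in section 7.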
5. Verification / Validation
Confirm the fix by checking the configuration setting and attempting to read a sensitive file.
- Post-fix check: Log in to Webmin and verify that ‘Can view any files as a log’ is set to ‘No’.
- Re-test: Attempt to access a sensitive file (e.g., /etc/passwd) via the web interface or by crafting a URL; access should be denied.
- Smoke test: Verify that standard Webmin functionality, such as user management and system status checks, continues to work normally.
- Monitoring: Monitor Webmin logs for any unusual file access attempts.
6. Preventive Measures and Monitoring
- Baselines: Update your security baseline to include a requirement for ‘Can view any files as a log’ set to ‘No’.
- Pipelines: Implement automated configuration checks in your CI/CD pipeline to ensure Webmin is configured securely.
- Asset and patch process: Establish a regular patch review cycle for all software, including Webmin, to address known vulnerabilities promptly.
7. Risks, Side Effects, and Roll Back
- Risk or side effect 1: Disabling ‘Can view any files as a log’ may affect some legitimate use cases if users rely on it for troubleshooting.
- Risk or side effect 2: Incorrect configuration could lead to Webmin becoming inaccessible; ensure backups are available.
- Roll back:
  Step 1: Log in to the Webmin web interface.
  Step 2: Navigate to ‘System’ -> ‘Authentication’.
  Step 3: Select the ‘Can view any files as a log’ option and set it to ‘Yes’.
  Step 4: Save the changes. If necessary, restore the backed-up configuration directory.
8. References and Resources
- Vendor advisory or bulletin: https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/
- NVD or CVE entry: CVE-2018-8712