I have determined that the SSL key and certificate reside in
/etc/webmin/miniserv.pem.
I understand that there is a script called mod-ssl-makecert that can be
found in the package libapache-mod-ssl that acomplishes something quite
similar, it is possible it could be adapted to address this requirem
Package: webmin
Version: 0.94-7woody3
Severity: grave
Tags: security
Justification: user security hole
I installed webmin on two systems, both installations had the same SSL
Certificate fingerprint. As each install appears to use same key it may
be possible for a man in the middle to decrypt admin
2 matches
Mail list logo
