A backdoor has been found in Webmin that allows remote access with root privileges.

A backdoor (CVE-2019-15107) has been identified in Webmin, a package that provides tools for remote server administration. It was found in the project's official builds, distributed via SourceForge and recommended on the main site. The backdoor was present in builds 1.882 through 1.921 inclusive (the git repository contains no code with the backdoor) and allowed arbitrary shell commands to be executed on the system with root privileges, without authentication.

For an attack it is enough that a network port with Webmin is reachable and that the function for changing expired passwords is enabled in the web interface (enabled by default in build 1.890, but disabled in other versions). The problem was fixed in update 1.930. As a temporary measure to block the backdoor, it is enough to remove the "passwd_mode=" setting from the configuration file /etc/webmin/miniserv.conf. A prototype exploit has been prepared for testing.
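The two conditions above (an affected build and the passwd_mode setting present in miniserv.conf) can be checked from a host's own files. The following is an added example, not code from the article or from the Webmin project; it assumes the version string is read from /etc/webmin/version and treats any passwd_mode line as exposure, since the article's workaround is to remove the setting entirely.

```python
# Added example: assess a Webmin host against CVE-2019-15107 from the
# contents of its version file and miniserv.conf. Not Webmin's own code.
import re

AFFECTED_MIN = (1, 882)  # first build shipped with the backdoor
AFFECTED_MAX = (1, 921)  # last affected build; fixed in 1.930


def parse_version(text):
    """Turn a Webmin version string such as '1.890' into a comparable tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("unrecognised Webmin version: %r" % text)
    return int(m.group(1)), int(m.group(2))


def parse_miniserv_conf(text):
    """Parse key=value lines of miniserv.conf into a dict; skip comments/blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def assess(version_text, conf_text):
    """Report whether this host matches both conditions the article describes."""
    version = parse_version(version_text)
    conf = parse_miniserv_conf(conf_text)
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    passwd_mode_set = "passwd_mode" in conf  # assumption: presence == exposure
    if in_range and passwd_mode_set:
        advice = "update to 1.930 or later; meanwhile remove passwd_mode= from miniserv.conf"
    elif in_range:
        advice = "affected build; update to 1.930 or later before enabling passwd_mode"
    else:
        advice = "build outside the affected range"
    return {
        "version": "%d.%d" % version,
        "in_affected_range": in_range,
        "passwd_mode_set": passwd_mode_set,
        "vulnerable": in_range and passwd_mode_set,
        "advice": advice,
    }


if __name__ == "__main__":
    # Constructed sample input standing in for /etc/webmin/version and miniserv.conf.
    print(assess("1.890\n", "port=10000\nssl=1\npasswd_mode=2\n"))
```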

The problem was traced to the password_change.cgi script, where the check of the old password entered in the web form uses the unix_crypt function, to which the password received from the user is passed without escaping special characters. In the git repository this function is a wrapper around the Crypt::UnixCrypt module and is not dangerous, but in the tarball code published on SourceForge it calls code that reads /etc/shadow directly, and does so through a shell construct. For an attack it is enough to enter the "|" character in the old-password field; the code that follows it is then executed on the server with root privileges.

According to a statement by the Webmin developers, the malicious code was inserted as a result of a compromise of the project's infrastructure. Details have not yet been given, so it is unclear whether the intrusion was limited to gaining control of the SourceForge account or also affected other parts of Webmin's development and build infrastructure. The malicious code had been present in the archives since March 2018. The problem also affects Usermin builds. All tarballs are currently being rebuilt from Git.

source: budenet.ru