Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#340 Security Warning

closed-fixed
nobody
None
5
2008-03-25
2008-03-25
Eric Sanner
No

Usermin 1.330
CentOS 5
Webmin 1.401

I get the following warning at various times in IE and irefox. I have followed the first set of steps but the warning does not go away. I have restarted webmin and usermin hoping that would fix the problem. It does not. If I look at the headers using LiveHTTPHeaders in firefox, the Referrers header is not present.

In IE I notice the problem when you click the address book, attach files (and you get the progress meter popup). (The auto refresh works here).

In Firefox I notice it if you have the mailbox auto refresh. (The address book and attach files works here).

Security Warning
Warning! Webmin has detected that the program https://64.151.130.129:20000/mailbox/index.cgi?start=&folder=0 was linked to from an unknown URL, which appears to be outside the Webmin server. This may be an attempt to trick your server into executing a dangerous command.

If your browser does not send the Referer header needed, you can turn off this check as follows :

* Login to Webmin normally.
* Go to the Webmin Configuration module.
* Click on the Trusted Referrers icon.
* Check the Trust links from unknown referrers box, and click Save.

Alternately, you can configure Webmin to allow links from unknown referers by :

* Login as root, and edit the /etc/webmin/config file.
* Find the line referers_none=1 and remove it.
* Save the file.

Discussion

  • Jamie Cameron
    Jamie Cameron
    2008-03-25

    Logged In: YES
    user_id=129364
    Originator: NO

    This is a known bug, which the 1.340 Usermin release (due out this week) will fix.

     
  • Jamie Cameron
    Jamie Cameron
    2008-03-25

    • status: open --> closed-fixed