Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.Referenceshttp://www.securityfocus.com/archive/1/9138http://www.webmin.com/webmin/changes.htmlhttp://www.securityfocus.com/bid/98
