Yeah, getting Webmin security right is possible but very challenging. Whenever I'm doing a security assessment at a client and I see traffic to/from servers on port 10000 I always make a note that there's probably some vulnerabilities there that our pentest guys will want to explore.
I have no idea if Cockpit is any more secure, but Webmin does have its fair share of security issues.
Personally, no, i don't want a webserver managing my servers. But i surely hope not the same mistakes or security issues arise that happened for webmin.
freehunter|8 years ago
I have no idea if Cockpit is any more secure, but Webmin does have its fair share of security issues.
thinkMOAR|8 years ago