Backdoors in Webmin

Anybody using Webmin, a web-basedsystem-administration tool, will want to update now, as it turns out thatthe system has beenbackdoored for over a year. "At some time in April 2018, theWebmin development build server was exploited and a vulnerability added tothe password_change.cgi script. Because the timestamp on the file was setback, it did not show up in any Git diffs. This was included in the Webmin1.890 release."