Mandriva Linux Security Update Advisory - Miniserv.pl in Webmin 1.220, when full PAM conversations is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
a2567dded228c5c8e1ec16208f680d5d1cc3614ecdb6712bdc01b2a5284525a6