Service:
http
Protocol:
TCPPort:
10000Used for:
Web-based system administration interfaceWhy It’s Open
Port 10000 is primarily used by Webmin, a web‑based system administration tool for Unix‑like systems. It provides a comprehensive interface for managing system services, users, files, and software packages through a web browser.
Common Risks
- Default credentials exploitation
Attackers leverage unchanged default logins. - Authentication bypass vulnerabilities
Flaws may allow access without valid credentials. - Remote Code Execution (RCE)
Critical bugs can enable arbitrary command execution. - SSL/TLS misconfigurations
Poor encryption settings expose data to interception. - Privilege escalation through module vulnerabilities
Compromised modules can grant root‑level access. - Information disclosure
Sensitive system details may be leaked. - Session hijacking
Unprotected sessions can be stolen and reused.
Want to save time on reporting?
Let PentestPad generate, track, and export your reports - automatically.
Enumeration & Testing
Service Detection:
nmap -sV -p 10000SSL/TLS Analysis:
sslscan :10000Vulnerability Scanning:
nikto -h https://:10000Directory Enumeration:
gobuster dir -u https://:10000 -w /usr/share/wordlists/dirb/common.txt -kWhat to Look For
| Checkpoint | What it means |
|---|---|
| Webmin version number in headers | Identify outdated or vulnerable versions |
| SSL/TLS configuration issues | Weak ciphers or missing certificate validation |
| Exposed module endpoints | Unprotected administrative functionality |
| Authentication mechanisms | Presence of default or insecure login methods |
| Error messages revealing internals | Leak of system paths or software details |
| Accessible configuration files | Potential disclosure of credentials or settings |
| Default or weak credentials | Easy unauthorized access |
Mitigation
- Keep Webmin updated
Apply the latest patches and versions. - Use strong, unique passwords
Avoid default or reused credentials. - Implement IP‑based access restrictions
Limit administration to trusted networks. - Enable and configure SSL/TLS properly
Use valid certificates and strong ciphers. - Disable unnecessary modules
Reduce attack surface by removing unused features. - Use fail2ban
Block brute‑force attempts automatically. - Set up 2FA where possible
Add a second factor for critical logins. - Conduct regular security audits
Review configurations and logs periodically. - Configure proper file permissions
Restrict access to sensitive Webmin files.
Real World Example
In August 2019, a critical vulnerability (CVE‑2019‑15107) was discovered in Webmin versions 1.890 through 1.920. The flaw allowed unauthenticated remote code execution via a malicious password reset backdoor added to the source code. Roughly 15,000 internet‑exposed Webmin instances were compromised before patches were applied, highlighting the need for timely updates and monitoring.
TL;DR
- Port 10000 = Webmin administration interface
- High‑privilege service requiring strict access controls
- Critical to keep updated, secure TLS, and enforce strong auth
- History of RCE and bypass makes this a prime target
Known CVEs and Exploits
- CVE‑2019‑15107 – Remote code execution via malicious password reset backdoor
- CVE‑2020‑35606 – RCE through package update functionality
- CVE‑2021‑31760 – Arbitrary file read in file manager module
- CVE‑2022‑0824 – Cross‑site scripting in multiple admin modules