Managed Risk

Risk Dashboard

Updated Jan 25, 2024

Disable CGI scanning

Webmin applications often use the Common Gateway Interface (CGI), so disabling CGI scans removes many of the Webmin checks that the Risk Scanner performs. CGI is a legacy feature for web-based Active Directory sign-in pages that consistently experienced false-positive account lockouts. Disabling CGI scanning prevents lockouts caused by Risk Scanner scans but does not mitigate the risk to the customer.

For example, if a typical Webmin page using CGI has a vulnerability, CGI scanning presumably discovers it. If the discovered vulnerability involves bad actors using known or default credentials to sign in to the system, there is a risk of account lockout. Disabling CGI scanning can limit the negative customer impact of account lockouts while the customer performs any remediation steps required to address the vulnerability.

  1. Sign in to the Risk Dashboard.

  2. In the navigation menu, click Config > Scanner Config.

  3. In the Scanner Configuration section, click Troubleshooting Settings.

    The Troubleshooting Settings dialog appears.

  4. Click the CGI scanning toggle to the off position.

  5. Click Close.

    Your changes are automatically saved.