diff --git a/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb b/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb
index a1f5898861..1ce7165949 100644
--- a/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb
+++ b/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb
@@ -121,8 +121,14 @@ class Metasploit3 < Msf::Exploit::Remote
 }, 25)
 if res and res.code == 302 and res.headers['Set-Cookie'] =~ /sid/
+ session = res.headers['Set-Cookie'].scan(/sid\=(\w+)\;*/).flatten[0] || ''
+ if session and not session.empty?
+ print_good "#{peer} - Authentication successfully"
+ else
+ print_error "#{peer} - Authentication failed"
+ return
+ end
 print_good "#{peer} - Authentication successfully"
- session = res.headers['Set-Cookie'].split("sid=")[1].split(";")[0]
 else
 print_error "#{peer} - Authentication failed"
 return
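Review bot: The unchanged `print_good "#{peer} - Authentication successfully"` line right after the added inner `if`/`else` stays on the new side, so a successful login is reported twice; one of the two calls should go. The `|| ''` fallback means `session` can never be nil, so `if session and not session.empty?` reduces to an emptiness check, and the extraction could be written as `session = res.headers['Set-Cookie'][/sid=(\w+)/, 1].to_s` followed by a guard on `session.empty?`. The outer condition still tests only `/sid/`, which is looser than the `sid=` pattern used for extraction, so a short comment saying the inner check covers a header that mentions `sid` without a usable value would help the next reader. The enclosing method and the closing `end` of the outer `if` are outside the hunk.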