By default Webmin is using /etc/shadow
file for authentication.
In case Webmin is setup to use password authentication, on Webmin ⇾ Webmin Configuration: Edit Webmin User page, it will also store hashed passwords (i.e. in /etc/webmin/miniserv.users
file) based on hashing format defined on Webmin ⇾ Webmin Configuration: Authentication page.
Either way, the passwords for authentication stored by Webmin are always hashed!