Users of Mailman please be advised of a password vulnerability that has been identified.
To view this vulnerability, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
Mailman-SA-07/15/2010: Mailman Mis/Default configuration
By default, while subscribing to a mailing list on a website, running
Mailman (GNU) for mailing list management, the user has got options to
manage his/her subscription options.
There is an option of getting password reminder email for this list
once in a month.
And, by default, this option is set to Yes.
Along with sending the password reminder mail in *plain text* to the
users, it gets archived on the sites too.
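As an added example (not part of the advisory or of Mailman), the following Python audit scans an mbox archive you administer and flags archived password reminders so they can be purged. The subject pattern is an assumption based on typical Mailman 2.1 reminder wording, and the sample archive is constructed.

```python
import mailbox
import os
import re
import tempfile

# Assumption: subject wording typical of Mailman 2.1 reminders; adjust per site.
REMINDER_SUBJECT = re.compile(r"mailing list memberships reminder", re.I)
PASSWORD_WORD = re.compile(r"\bpasswords?\b", re.I)

# Constructed sample archive (mbox); the credential is a placeholder.
SAMPLE_MBOX = """\
From mailman-owner@lists.example.org Thu Jul  1 05:00:00 2010
Subject: lists.example.org mailing list memberships reminder
Message-ID: <reminder-1@lists.example.org>

Passwords for alice@example.net:
dev@lists.example.org    PLACEHOLDER-NOT-A-PASSWORD

From bob@example.net Fri Jul  2 10:00:00 2010
Subject: Re: build failure
Message-ID: <post-2@example.net>

I reset my password yesterday, unrelated to this thread.
"""

def _plain_text(msg):
    """Concatenate the decoded text/plain parts of a message."""
    parts = (p.get_payload(decode=True) or b"" for p in msg.walk()
             if p.get_content_type() == "text/plain")
    return "\n".join(raw.decode("utf-8", errors="replace") for raw in parts)

def find_archived_reminders(mbox_path):
    """Return (Message-ID, Subject) pairs only; bodies are never returned."""
    hits = []
    box = mailbox.mbox(mbox_path, create=False)
    for msg in box:
        subject = str(msg.get("Subject", ""))
        # Require both signals so ordinary posts mentioning passwords are skipped.
        if REMINDER_SUBJECT.search(subject) and PASSWORD_WORD.search(_plain_text(msg)):
            hits.append((str(msg.get("Message-ID", "")), subject))
    box.close()
    return hits

def scan_sample():
    """Write the constructed sample to a temp file and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "archive.mbox")
        with open(path, "w", newline="\n") as fh:
            fh.write(SAMPLE_MBOX)
        return find_archived_reminders(path)
```

Any address that appears in the results should have its list password changed after the archived message is removed.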
