Full Disclosure mailing list archives
Re: Security flaw in Full Disclosure mailing list
From: Fyodor <fyodor () nmap org>
Date: Wed, 2 Apr 2014 11:38:12 -0700
On Wed, Apr 2, 2014 at 6:43 AM, Nick Lindridge <nick () ioncube com> wrote:
Apologies if this has been pointed out before, hard to imagine that it hasn't really. When signing up for the list, I was surprised that it emailed back my password in plain text.
Hi Nick. Yeah, Mailman does that sort of thing. But to their credit, on the list description/signup page at ( http://nmap.org/mailman/listinfo/fulldisclosure), the text above the password box says: "You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext." They should probably just call it a confirmation token or something instead of password, as the point is just to prove you're the one getting email at the given address so you can edit your list subscription preferences. I never enter a token and let Mailman choose one for me. Cheers, Fyodor _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Security flaw in Full Disclosure mailing list Nick Lindridge (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Ron (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Fyodor (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Reindl Harald (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Eric G (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Jimmy Crossley (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Fyodor (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Jim Popovitch (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Ron (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Jim Popovitch (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Jeffrey Walton (Apr 02)
- Re: Security flaw in Full Disclosure mailing list George Chatzisofroniou (Apr 03)
- Re: Security flaw in Full Disclosure mailing list Fyodor (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Michal Zalewski (Apr 02)