Full Disclosure mailing list archives

Re: Security flaw in Full Disclosure mailing list

From: Reindl Harald <h.reindl () thelounge net>
Date: Wed, 02 Apr 2014 20:36:07 +0200



Am 02.04.2014 15:43, schrieb Nick Lindridge:

Apologies if this has been pointed out before, hard to imagine that it hasn't really. When signing up for the list,
I was surprised that it emailed back my password in plain text.

Can this security flaw be addressed?


not without re-write mailmain 8X-Mailman-Version: 2.1.15)

9 out of 10 lists out there even mail the password
once per month by stupidity while the real scary is
that this is possible at all meaning stored in plaintext

Attachment: signature.asc
Description: OpenPGP digital signature


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Security flaw in Full Disclosure mailing list Nick Lindridge (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Ron (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Fyodor (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Reindl Harald (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Eric G (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Jimmy Crossley (Apr 02)
  - Re: Security flaw in Full Disclosure mailing list Fyodor (Apr 02)
    - Re: Security flaw in Full Disclosure mailing list Jim Popovitch (Apr 02)
    - Re: Security flaw in Full Disclosure mailing list Ron (Apr 02)
    - Re: Security flaw in Full Disclosure mailing list Jim Popovitch (Apr 02)
    - Re: Security flaw in Full Disclosure mailing list Jeffrey Walton (Apr 02)
    - Re: Security flaw in Full Disclosure mailing list George Chatzisofroniou (Apr 03)
    - Re: Security flaw in Full Disclosure mailing list Michal Zalewski (Apr 02)
    - Re: Security flaw in Full Disclosure mailing list Brandon Perry (Apr 02)

(Thread continues...)