Full Disclosure mailing list archives

Re: Security flaw in Full Disclosure mailing list


From: Jim Popovitch <jimpop () gmail com>
Date: Wed, 2 Apr 2014 16:32:27 -0400

On Wed, Apr 2, 2014 at 4:25 PM, Ron <ron () skullsecurity net> wrote:
> That doesn't change the fact that it's storing the passwords in
> plaintext, though, it just hides the 'your passwords are completely
> insecure' issue a little bit.

Of course. That patch (one liner) is just to prevent the bulk monthly
reminders (which often end up in spam filters or in some admin's
dead.letter box) from containing the actual insecure password which
could be used to produce no actual harm. As someone else noted,
mailman never claims to securely store your password, and my patch
simply keeps a list from defaulting to distributing that plainly
stored password.

-Jim P.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

