Full Disclosure mailing list archives
Re: Security flaw in Full Disclosure mailing list
From: Jim Popovitch <jimpop () gmail com>
Date: Wed, 2 Apr 2014 16:32:27 -0400
On Wed, Apr 2, 2014 at 4:25 PM, Ron <ron () skullsecurity net> wrote:
That doesn't change the fact that it's storing the passwords in plaintext, though, it just hides the 'your passwords are completely insecure' issue a little bit.
Of course. That patch (one liner) is just to prevent the bulk monthly reminders (which often end up in spam filters or in some admins dead.letter box) from containing the actual insecure password which could be used to produce no actual harm. As someone else noted, mailman never claims to securely store your password, and my patch simply keeps a list from defaulting to distributing that plainly stored password. -Jim P. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Security flaw in Full Disclosure mailing list Nick Lindridge (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Ron (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Fyodor (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Reindl Harald (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Eric G (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Jimmy Crossley (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Fyodor (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Jim Popovitch (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Ron (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Jim Popovitch (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Jeffrey Walton (Apr 02)
- Re: Security flaw in Full Disclosure mailing list George Chatzisofroniou (Apr 03)
- Re: Security flaw in Full Disclosure mailing list Fyodor (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Michal Zalewski (Apr 02)
- Re: Security flaw in Full Disclosure mailing list Brandon Perry (Apr 02)
- Message not available
- Re: Security flaw in Full Disclosure mailing list Brandon Perry (Apr 02)