[SAC] Fwd: passwords being sent in clear text
Alex Mandel
tech_dev at wildintellect.com
Sat Dec 1 11:14:32 PST 2012
I have not seen such a request before. I will note that the behavior is
the same for every mailman list I'm subscribed to on the web. I don't
think mailing list preference passwords are typically considered secure.
That said, it's not a bad idea to research options to make it more secure.
Quick search says, we should simply disable the monthly reminders.
Supposedly updates to mailman years ago should have moved to hashed
passwords and not auto-mailing them, but I don't see any evidence that
those patches were ever released.
Thanks,
Alex
On 12/01/2012 10:07 AM, Paul Ramsey wrote:
> Do you guys get a lot of these? This is just mailman being mailman,
> but it's the second irate "you have a security problem" mail I've
> gotten in just a couple months.
> p
>
>
> ---------- Forwarded message ----------
> From: Jason Quinn <jason.lee.quinn at gmail.com>
> Date: Sat, Dec 1, 2012 at 9:11 AM
> Subject: passwords being sent in clear text
> To: pramsey at cleverelephant.ca
>
>
> I just got a "reminder" email from mailman-owner at lists.osgeo.org about
> my subscription information. You are listed on the website as the
> maintainer. The reminder e-mail contains my e-mail address and
> listserv password sent in clear text. It even contains the word
> "password" which is one of the first things a packet sniffing cracker
> would filter on. This is clearly a security issue. Please fix this.
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/sac
>
More information about the Sac
mailing list