[Bug 1501762] [NEW] Security issues: passwords are stored in plaintext
*** This bug is a security vulnerability ***

Public security bug reported:

Passwords for the mailing list users are stored in plaintext, and mailed to the users each month as "reminders" by default.

Passwords should be hashed securely using modern hashing methods and the password thrown away.

Mailing passwords in plaintext is something that was acceptable in 1992, barely. Doing so in 2015 is insane. At the very least the default setting of mailing out users' passwords in plaintext should be eliminated. Password recovery methods should be modernized.

** Affects: mailman
   Importance: Undecided
   Status: New

** Information type changed from Private Security to Public Security

--
You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1501762

Title:
  Security issues: passwords are stored in plaintext

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1501762/+subscriptions
*** This bug is a duplicate of bug 265179 ***
https://bugs.launchpad.net/bugs/265179

This is a well known, long standing issue. See https://bugs.launchpad.net/mailman/+bug/265179.

It is fixed in Mailman 3. It won't be fixed in Mailman 2.1, but you can stop sending monthly reminders by removing the crontab entry that sends them.

** This bug has been marked a duplicate of bug 265179
   Security hole: passwords mailed in clear
participants (2): Mark Sapiro, Steeve McCauley