[Bug 266821] Re: privacy hole in password reminder
*** This bug is a duplicate of bug 265179 ***
https://bugs.launchpad.net/bugs/265179

** This bug has been marked a duplicate of bug 265179
Security hole: passwords mailed in clear

--
You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/266821

Title: privacy hole in password reminder

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/266821/+subscriptions

Are you aware that the bug you made this a duplicate of is marked as invalid?

On Tue, Oct 2, 2012 at 6:49 AM, Mark Sapiro wrote:
*** This bug is a duplicate of bug 265179 *** https://bugs.launchpad.net/bugs/265179
** This bug has been marked a duplicate of bug 265179 Security hole: passwords mailed in clear
--
You received this bug notification because you are subscribed to the bug report.
https://bugs.launchpad.net/bugs/266821
Title: privacy hole in password reminder
Status in GNU Mailman: Triaged
Bug description:
Mailman sends me password reminders in plain text. I can disable this feature, but other users can manually make it send a reminder just as if I had forgotten the password, with no other question being asked. If smart enough to intercept that message, the attacker could:
1) Get my password; 2) get my IP in the mail header.
Possible solutions:
1) Some sites and programs use a "secret question" whose right answer would give the user the chance to get a password reminder.
2) The password could be prompted in a secure HTML page. I find this safer, as compared to plain text mails.
[ http://sourceforge.net/tracker/index.php?func=detail&aid=1441723&group_id=103&atid=350103 ]

** Bug watch added: SourceForge.net Tracker #1441723
http://sourceforge.net/support/tracker.php?aid=1441723

trampster wrote:
Are you aware that the bug you made this a duplicate of is marked as invalid?

Yes. Whether or not that bug is invalid is irrelevant. That bug applies to Mailman 2.1 and we have already said many times that this was a design decision for Mailman 2.1, we recognize it was a bad decision, it is finally fixed in Mailman 3 and will not be fixed in Mailman 2.1. However, to be somewhat more consistent, I have marked #265179 as Won't Fix for Mailman 2.1.

--
Mark Sapiro
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan