[Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated
passwords in Mailman]
John W. Baxter
jwblist at olympus.net
Wed Dec 22 22:56:13 CET 2004
On 12/21/2004 15:47, "Terri Oda" <terri at zone12.com> wrote:
> On Dec 15, 2004, at 11:37 AM, John Dennis wrote:
>
>> This was forwarded to me by our security officer. I believe the
>> original
>> author, Florian Weimer, intended to reach this list but did not know
>> how
>> to and instead went through his security contacts. Perhaps Florian's
>> concerns would best be addressed in MM 3.0 and maybe this should be
>> added to the MM 3.0 feature list. BTW, is there an independent MM 3.0
>> list? I thought I had heard such a beast existed, but my recollection
>> is
>> hazy.
>
The underlying problem may be that Mailman refers to the access tokens as
"passwords".
They are not "passwords" in the sense a security office would think of (they
travel around in cleartext; they are stored in cleartext; they are
gratuitously or by unauthenticated request mailed out, etc.
The expectation level should be implicit in the text from the listinfo page:
"You may enter a privacy password below. This provides only mild security,
but should prevent others from messing with your subscription. Do not use
a valuable password as it will occasionally be emailed back to you in
cleartext."
Designing an archiving system such that only people who were subscribed at
the time a message was posted and have been subscribed continuously since
can see that message would certainly be possible (if the problems of email
address changes are solved, which probably implies that an email address is
no longer an identifier), along with "better" passwords. I would think it
would be an option, not the new "way things are."
--John
More information about the Mailman-Developers
mailing list