[Mailman-Users] Edit options security flaw

Marius Amado Alves amado.alves at netcabo.pt
Tue Dec 14 00:20:55 CET 2004

I don't want to sign up with SourceForge so here's a bug report right here.

Sometimes version 2.1.5 lets a user A edit the options of another user B 
as follows.

User A consults the member list (using his name and password normally). 
Here A picks an email address of user B. User A returns to the main 
page, enters address of B in the Edit options slot and presses Edit 
options. Normally Mailman requires a password, but sometimes IT DOES NOT 
and goes straight to the editable options list page.

I'd like to know if somebody else has experienced this behavior.


More information about the Mailman-Users mailing list