[Mailman-Users] Edit options security flaw
Marius Amado Alves
amado.alves at netcabo.pt
Tue Dec 14 00:20:55 CET 2004
I don't want to sign up with SourceForge so here's a bug report right here.
Sometimes version 2.1.5 lets a user A edit the options of another user B
as follows.
User A consults the member list (using his name and password normally).
Here A picks an email address of user B. User A returns to the main
page, enters address of B in the Edit options slot and presses Edit
options. Normally Mailman requires a password, but sometimes IT DOES NOT
and goes straight to the editable options list page.
I'd like to know if somebody else has experienced this behavior.
Regards,
--Marius
More information about the Mailman-Users
mailing list