[Mailman-Users] Edit options security flaw
Kevin W. Gagel
gagel at cnc.bc.ca
Tue Dec 14 00:24:50 CET 2004
Marius,
What is the browser you are using?
----- Original Message Follows -----
From: Marius Amado Alves <amado.alves at netcabo.pt>
To: mailman-users at python.org
Subject: [Mailman-Users] Edit options security flaw
Date: Mon, 13 Dec 2004 23:20:55 +0000
> I don't want to sign up with SourceForge so here's a bug
> report right here.
>
> Sometimes version 2.1.5 lets a user A edit the options of
> another user B as follows.
>
> User A consults the member list (using his name and
> password normally). Here A picks an email address of user
> B. User A returns to the main page, enters address of B
> in the Edit options slot and presses Edit options.
> Normally Mailman requires a password, but sometimes IT
> DOES NOT and goes straight to the editable options list
> page.
>
> I'd like to know if somebody else has experienced this
> behavior.
>
> Regards,
> --Marius
>
> ------------------------------------------------------
> Mailman-Users mailing list
> Mailman-Users at python.org
> http://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
=========================
Kevin W. Gagel
Network Administrator
Information Technology Services
(250) 561-5848 local 448
--------------------------------------------------------------
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
--------------------------------------------------------------
More information about the Mailman-Users
mailing list