[Mailman-Users] Edit options security flaw

Kevin W. Gagel gagel at cnc.bc.ca
Tue Dec 14 00:24:50 CET 2004


Marius,
What is the browser you are using?

----- Original Message Follows -----
From: Marius Amado Alves <amado.alves at netcabo.pt>
To: mailman-users at python.org
Subject: [Mailman-Users] Edit options security flaw
Date: Mon, 13 Dec 2004 23:20:55 +0000

> I don't want to sign up with SourceForge so here's a bug
> report right here.
> 
> Sometimes version 2.1.5 lets a user A edit the options of
> another user B  as follows.
> 
> User A consults the member list (using his name and
> password normally).  Here A picks an email address of user
> B. User A returns to the main  page, enters address of B
> in the Edit options slot and presses Edit  options.
> Normally Mailman requires a password, but sometimes IT
> DOES NOT  and goes straight to the editable options list
> page.
> 
> I'd like to know if somebody else has experienced this
> behavior.
> 
> Regards,
> --Marius
> 
> ------------------------------------------------------
> Mailman-Users mailing list
> Mailman-Users at python.org
> http://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/

=========================
Kevin W. Gagel
Network Administrator
Information Technology Services
(250) 561-5848 local 448


--------------------------------------------------------------
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
--------------------------------------------------------------



More information about the Mailman-Users mailing list