[Mailman-Users] Password in clear text

Henrik Rasmussen her at adm.ku.dk
Wed Jul 2 12:58:48 CEST 2014


I know this has been asked before, but I haven't found anything about whether or not this will be a future change or how to work around it.

The passwords in Mailman, are stored unencrypted. The web connection can be encrypted by SSL to avoid man in the middle, but passwords are sent in clear text in password reminders.

Is there any plans of a future change so passwords will be stored encrypted, and some kind of one-time link to change the password, instead of sending reminders, or some kind of challenge will be implemented, to avoid revealing the password to third party?

Otherwise I will request such a change.

Henrik Rasmussen


More information about the Mailman-Users mailing list