[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FD] Security flaw in Full Disclosure mailing list
- To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
- Subject: Re: [FD] Security flaw in Full Disclosure mailing list
- From: Jim Popovitch <jimpop@xxxxxxxxx>
- Date: Wed, 2 Apr 2014 16:06:24 -0400
Mailman always needs some post-install tweaks.....
Just apply this (for mm 2.1.x)
--- cron/mailpasswds 2012-11-02 03:19:11 +0000
+++ cron/mailpasswds 2013-03-03 21:26:43 +0000
@@ -184,7 +184,7 @@
fmt = '%s\n %-10s\n%s\n'
else:
fmt = '%-40s %-10s\n%s\n'
- table.append(fmt % (listaddr, password, optionsurl))
+ table.append(fmt % (listaddr, "********", optionsurl))
# Figure out which language to use
langcnt = 0
poplang = None
-Jim P.
On Wed, Apr 2, 2014 at 3:20 PM, Fyodor <fyodor@xxxxxxxx> wrote:
> On Wed, Apr 2, 2014 at 11:54 AM, Jimmy Crossley <jcrossley@xxxxxxxxxxxx>wrote:
>
>> This "feature" can be disabled in the options after logging in at
>> http://nmap.org/mailman/options/fulldisclosure.
>>
>> Select No to the "Get password reminder email for this list?" item.
>>
>
> You don't need to worry about that on this list (or any other list I run)
> since the monthly password "reminder" feature is fully disabled. But these
> are great instructions for people to use on any lists which do send the
> annoying reminders. Mailman on this list does still send the "password" it
> generates at list subscription time and if you request a password reminder.
> This is just used for people to edit their individual list preferences.
>
> Cheers,
> Fyodor
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/