TELECOM Digest OnLine - Sorted: Flaw in Mail-List Software Leaks Passwords

Flaw in Mail-List Software Leaks Passwords

Monty Solomon (
Tue, 22 Feb 2005 16:27:31 -0500

By Robert Lemos
Staff Writer, CNET

A previously unknown vulnerability in Mailman, a popular open-source
program for managing mailing lists, has led to the theft of the
password file for a well-known security discussion group.

The theft, discovered this week and reported in an announcement to the
Full Disclosure security mailing list on Wednesday, casts uncertainty
on the security of other discussion groups that use the open-source
Mailman package. By specially crafting a Web address, an attacker can
obtain the password for every member of a discussion group.

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Monty Solomon: "ID Security Breach May Affect People in Every State, Firm Says"
Go to Previous message: Lisa Minter: "New Jersey on Child Porn Crusade (Lisa Minter)"
TELECOM Digest: Home Page