[dundee] Concerning mailman security
Nicholas Walker
tel0seh at googlemail.com
Mon Aug 6 09:48:59 UTC 2012
Hey,
I've just received one of the monthly "you're subscribed to this list"
reminder emails (as if I needed reminding every month, after receiving
multiple emails every day)
and noticed that my password for the list was emailed to me as part of the
content, in *plaintext*.
I hope I don't have to remind anyone here how this breaks every rule in the
book, passwords should ALWAYS be stored hashed, and a user should NEVER
need to receive their password.
Please take a read over this link:
http://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html
Can this be rectified please? I'd really rather not have one of my
passwords floating around the internets. I know who hangs out there.
Nick.
--
Nick Walker
President : The Linux Society
UAD Ethical Hacker