*** This bug is a security vulnerability ***
Private security bug reported:
The `csrf_token` generated for the `options` page is always an `admin`
token rather than specific to the authenticated user for that session.
This admin token contains information that is derived from the hashed
list admin password, which could theoretically allow a brute-force
attack to obtain the list admin password.
Thanks to Andre Protas, Richard Cloke and Andy Nuttall of Apple for
reporting these and helping with the development of a fix.
** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: In Progress
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42096
** Summary changed:
- Potential Privilege escallation via the user options page.
+ Potential Privilege escalation via the user options page.
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1947639
Title:
Potential Privilege escalation via the user options page.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1947639/+subscriptions
_______________________________________________
Mailman-coders mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-coders.python.org/