*** This bug is a security vulnerability ***
Private security bug reported:
The CSRF token for the admindb page contains an encrypted version of the
list admin password which could potentially be cracked by a moderator
via an off-line brute force attack.
** Affects: mailman
Importance: Undecided
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1949403
Title:
A vulnerability could allow a list moderator to discover the admin
password.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1949403/+subscriptions
_______________________________________________
Mailman-coders mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-coders.python.org/
Member address: [email protected]
