*** This bug is a security vulnerability ***
Private security bug reported:
This is similar to but different from #1968443. The issue is on a list
with private rosters an attempt to log in to the options page with an
email address which is not a list member just returns the options login
page with no error, but attempt to login with an email address which is
a list member returns the page with a 401 status and an `Authentication
failed.` error message.
This could be used to fish for membership on a list with private
rosters.
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/2015416
Title:
Membership information leak through options page.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/2015416/+subscriptions
_______________________________________________
Mailman-coders mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-coders.python.org/
Member address: [email protected]
