On Fri, Jul 1, 2011 at 2:30 PM, Mike Samuel <mikesam...@gmail.com> wrote:
> 2011/7/1 Mike Shaver <mike.sha...@gmail.com>:
>> What can someone do with that password, though? Just change your
>> subscription settings, afaik, so the security in place seems proportionate.
>>
>> Could report it upstream to the mailman team, I suppose.
>
> Use it to do a better job of impersonating. Try it out on other sites.

I don't understand how you could impersonate better, could you explain? You can send mail with any From: you want without bothering to go through someone's mailman account, and you can't even send mail from the mailman interface!

Since mailman passwords are randomly generated at subscription time (and virtually never changed), password reuse is pretty unlikely.

Mike
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss