Password Reminder mails plaintext password

2017-09-21 Thread Michael Aquilina
I've just asked for a password reminder from https://lists.zx2c4.com/mailman/options/password-store and was *very* surprised to see that my plain text password had been emailed back to me. As a tool that focuses on security I feel like this is something that should really be fixed. Are there any

Re: Password Reminder mails plaintext password

2017-09-21 Thread Jason A. Donenfeld
1. Complain to upstream Mailman people. 2. Use a password manager, such as pass, so that you never use an important or overlapping password with Mailman. On Sep 21, 2017 12:35, "Michael Aquilina" wrote: > I've just asked for a password reminder from >

Re: Password Reminder mails plaintext password

2017-09-21 Thread Kevin Lyda
It's... a mailing list. There are bugs going back years for this regarding mailman. And apparently it will be "fixed" in version 3. But it really doesn't seem like an important thing. Kevin On Thu, Sep 21, 2017 at 12:04 PM Michael Aquilina wrote: > 2 is already done

Fwd: Password Reminder mails plaintext password

2017-09-21 Thread Chris Warrick
It looks like I forgot to Reply All. Repeating my message: On 21 September 2017 at 13:21, Michael Aquilina wrote: > I would disagree with you. Not everyone uses a password manager > (unfurtunately) If its not obvious that your password is going to be > stored in plain

Japanese character file name is not available

2017-09-21 Thread Jiro Iwamoto
Hi, I'm starting using password-store on Mac OS X. But Japanese characters is not available when execute "pass list" and "pass search". For example, error has occured below. % pass list Password Store ├── Adobe ├── Airbnb sed: RE error: illegal byte sequence % ls ~/.password-store/ドトール.gpg

Re: Password Reminder mails plaintext password

2017-09-21 Thread Michael Aquilina
I would disagree with you. Not everyone uses a password manager (unfurtunately) If its not obvious that your password is going to be stored in plain text then its going to be a nasty surprise. Or worse, you will never actually find out that your password has been stored in plain text somewhere.

Password Reminder mails plaintext password

2017-09-21 Thread Michael Aquilina
2 is already done of course ;) Regarding 1, I'll pop an email to their Mailing List. I wasnt aware this was the case for all Mailman projects :( > 1. Complain to upstream Mailman people. 2. Use a password manager, such as > pass, so that you never use an important or overlapping password with