[Bug 1501762] [NEW] Security issues: passwords are stored in plaintext

Steeve McCauley 1501762 at bugs.launchpad.net
Thu Oct 1 15:29:48 CEST 2015


*** This bug is a security vulnerability ***

Public security bug reported:

Passwords for the mailing list users are stored in plaintext, and mailed
to the users each month as "reminders" by default.

Passwords should be hashed securely using modern hashing methods and the
password thrown away.  Mailing passwords in plaintext is something that
was acceptable in 1992, barely.  Doing so in 2015 is insane.

At the very least the default setting of mailing out users' passwords in
plaintext should be eliminated.  Password recovery methods should be
modernized.

** Affects: mailman
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1501762

Title:
  Security issues: passwords are stored in plaintext

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1501762/+subscriptions
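
The storage and recovery model the report asks for, as an added example that is not part of the original report and not Mailman code: the password is kept only as a salted scrypt hash, and recovery mails a one-time, expiring reset token instead of the password. The record layout, function names, scrypt parameters and token lifetime are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

# Assumed cost parameters and token lifetime for this example (not Mailman settings).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
RESET_TTL = 3600  # seconds

def hash_password(password: str) -> dict:
    """Return the fields to store; the plaintext itself is never kept."""
    salt = secrets.token_bytes(16)  # fresh random salt per password
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"salt": salt.hex(), "hash": digest.hex()}

def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.scrypt(candidate.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))

def issue_reset_token(record: dict, now: float = None) -> str:
    """Create the token that is mailed in place of a password reminder.
    Only its SHA-256 digest and expiry are stored with the account."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    record["reset"] = {
        "digest": hashlib.sha256(token.encode()).hexdigest(),
        "expires": now + RESET_TTL,
    }
    return token

def redeem_reset_token(record: dict, token: str, new_password: str,
                       now: float = None) -> bool:
    """Set a new password if the token matches and has not expired."""
    now = time.time() if now is None else now
    pending = record.pop("reset", None)  # single use: consumed by any attempt
    if pending is None or now > pending["expires"]:
        return False
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(supplied, pending["digest"]):
        return False
    record.update(hash_password(new_password))
    return True
```

With this layout a monthly reminder has nothing to send: neither the stored record nor the mail archive ever contains a value that can be used as the password.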