[Mailman-Developers] bug report submitted: admin password is
checked when it should not
Barry Warsaw
barry at python.org
Wed Feb 25 16:04:50 EST 2004
On Mon, 2004-02-16 at 05:33, Heiko.Scheit at mpi-hd.mpg.de wrote:
> For your information: I just submitted the bug report below on
> the SF mailman page.
>
> Greetings, Heiko.
>
>
> admin password is checked when it should
> -----------------------------------------
>
> To see the problem you have to be the administrator of a
> list. Go to the members options login page
>
> .../mailman/options/<listname>
>
> and enter something like a valid email address, e.g.:
>
> xxx at xxx.xxx
>
> and as password enter the ADMIN password! You will get
> something like:
>
> Bug in Mailman version 2.1.4
This is fixed in CVS for MM2.1.5.
> What is worse: if you enter a valid email address (of a
> list member) and the admin password you are the admin.
> So, any list member that happens to choose the same
> password as the admin has full access to the
> administrative interface.
Yep. Pick your admin passwords wisely <wink>.
> Somehow I think it would be better to also have an admin
> username and not just an admin password. Or, for each
> member an admin flag can be set. The admin has to be a
> member and can login with email and password as anybody
> else.
Something like this is the plan for MM3.
-Barry
More information about the Mailman-Developers
mailing list