Open Source and information security mailing list archives
Date: Wed, 2 Apr 2014 16:32:27 -0400
From: Jim Popovitch <jimpop@...il.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: Re: [FD] Security flaw in Full Disclosure mailing list

On Wed, Apr 2, 2014 at 4:25 PM, Ron <ron@...llsecurity.net> wrote:
> That doesn't change the fact that it's storing the passwords in
> plaintext, though, it just hides the 'your passwords are completely
> insecure' issue a little bit.

Of course. That patch (one liner) is just to prevent the bulk monthly
reminders (which often end up in spam filters or in some admin's
dead.letter box) from containing the actual insecure password which
could be used to produce no actual harm.

As someone else noted, mailman never claims to securely store your
password, and my patch simply keeps a list from defaulting to
distributing that plainly stored password.

-Jim P.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/