| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFzrbiF1bJiSMQjYVEGQ8bEAuhcgrxjw517ja3BzMgb3fEDuKQ@mail.gmail.com> Date: Wed, 2 Apr 2014 14:39:13 -0400 From: Eric G <eric@...wizard.net> To: Nick Lindridge <nick@...cube.com> Cc: Full Disclosure Mailing List <fulldisclosure@...lists.org> Subject: Re: [FD] Security flaw in Full Disclosure mailing list When you sign up on the web page it explicitly tells you to not choose a good password because it will be emailed to you in plain text. Then it also tells you that if you leave the password field blank, an auto generated password will be emailed to you. I chose to leave the field blank and let it email me a randomly generated password. If some bad guy sniffed my smtp session and can administer my er, FD digest settings or whatever then so be it I guess. Just my two cents. Eric http://www.linkedin.com/in/ericgearhart On Apr 2, 2014 11:28 AM, "Nick Lindridge" <nick@...cube.com> wrote: > Hi > > Apologies if this has been pointed out before, hard to imagine that it > hasn't really. When signing up for the list, I was surprised that it > emailed back my password in plain text. > > Can this security flaw be addressed? > > Nick > > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists