| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140403091505.GA3791@gmail.com> Date: Thu, 3 Apr 2014 12:15:05 +0300 From: George Chatzisofroniou <sophron@...thi.com> To: Jeffrey Walton <noloader@...il.com> Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: Re: [FD] Security flaw in Full Disclosure mailing list On Wed, Apr 02, 2014 at 07:30:38PM -0400, Jeffrey Walton wrote: > On Wed, Apr 2, 2014 at 4:25 PM, Ron <ron@...llsecurity.net> wrote: > > That doesn't change the fact that it's storing the passwords in > > plaintext, though, it just hides the 'your passwords are completely > > insecure' issue a little bit. > Mailman 3 might be changing that behavior. See "Password handling in > MM3", https://mail.python.org/pipermail/mailman-developers/2010-July/021207.html. > > Unfortunately, it has not been released yet. See > "https://launchpad.net/mailman", https://launchpad.net/mailman. Plain texts passwords and reminders have already gone away in MM3. Note that MM3 has a Beta release with some sufficient functionality for anyone willing to try it out [1]. [1]: http://pythonhosted.org/mailman/src/mailman/docs/START.html -- George Chatzisofroniou _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists