GNU Mailman

List Moderator Login should check for username

Bug #674352 reported by arky on 2010-11-12

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	GNU Mailman	Triaged	Wishlist	Unassigned

Bug Description

List Moderator logins currently prompt for list moderator password only. It would be good idea if prompt for username/password login information to check if the user actually has permission to login.

The problem is when anyone who knows the list moderator password can access and moderate the list.

Mailman: 2.1.9

See original description

arky (arky) on 2010-11-12

description:

updated

Revision history for this message

Mark Sapiro (msapiro) wrote on 2010-11-12:

> The problem is when anyone who knows the list moderator password can access and moderate the list.

That is the way it is designed to work. See, e.g., <http://wiki.list.org/x/5YA9>.

Further, the owner addresses are listed in the footer of the admin and moderator login pages, so they aren't in any way secret.

I have marked this as "wishlist" for possible inclusion in a future release.

Changed in mailman:
importance:	Undecided → Wishlist
status:	New → Triaged

Revision history for this message

Andre Klapper (a9016009) wrote on 2014-03-12:

In practice, every time the list of mailing list admins changes, the password needs to be reset for everybody.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.