The list admin or moderator password can be compromised by sending in an Approved: header
Bug #770581 reported by
Mark Sapiro
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Fix Released
|
Wishlist
|
Mark Sapiro |
Bug Description
If posting to a list is secured by requiring an Approved: or X-Approved: header for a post to be accepted without moderation, the list admin or moderator password can be compromised by sending it in the headers of an email message.
There should be a 'poster' password for this purpose only so the consequences of compromise would be less severe.
Changed in mailman: | |
status: | In Progress → Fix Committed |
Changed in mailman: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.