The list admin or moderator password can be compromised by sending in an Approved: header

Bug #770581 reported by Mark Sapiro on 2011-04-25
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
GNU Mailman
Wishlist
Mark Sapiro

Bug Description

If posting to a list is secured by requiring an Approved: or X-Approved: header for a post to be accepted without moderation, the list admin or moderator password can be compromised by sending it in the headers of an email message.

There should be a 'poster' password for this purpose only so the consequences of compromise would be less severe.

Mark Sapiro (msapiro) on 2011-04-26
Changed in mailman:
status: In Progress → Fix Committed
Mark Sapiro (msapiro) on 2012-06-15
Changed in mailman:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers