[Owasp-board] Got another 50 Bounces today.

Matt Tesauro matt.tesauro at owasp.org
Thu Apr 5 13:48:20 UTC 2012

Currently we have a poorly documented Mailman 2.x setup without an assigned

Mailman 2.x stores passwords in a reversible (e.g. clear text) fashion.  So
we can either:

(1) Move to a different list management system/software
(2) Create a patch for the 2.x branch of Mailman and patch our existing
(3) Move to Mailman 3.x which is currently not the stable branch
(4) Accept that Mailman has clear text passwords (it does say not to use an
important password during signup)

Each of these options will require some amount of work and we currently do
not have an IT administrator for our systems.  I've been trying to put out
fires with Mailman but by no means understand the current configuration and
my total time admin'ing Mailman is the couple of times I've tried to fix
broken things or combat spam.  If we as a board determine this is a large
enough issue, someone will need to step up and manage whichever option is
determined to be best.

-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site

On Thu, Apr 5, 2012 at 8:17 AM, Eoin <eoin.keary at owasp.org> wrote:

> Password is also being sent in the clear.
> What can we do??
> Eoin Keary
> BCC Risk Advisory
> Owasp Global Board
> +353 87 977 2988