[Owasp-orlando] Mailman list and plaintext passwords

Tony Turner tony.turner at owasp.org
Wed Feb 1 15:01:56 UTC 2012


I have now disabled the password reminders that are turned on by default in
the mailman list. You will no longer be emailed your password. They were
being sent out in plaintext which also means they are stored in the
database unencrypted. OWASP leadership is looking into the issue, including
suggestions for alternate mailing list software and changing the global
setting that I just adjusted for our list. As always, you should be using
unique passwords for each site to minimize impact of compromise. If you are
not, I would highly recommend changing your mailing list password to a
unique value. If you have any questions please feel free to contact me.

-- 
Tony Turner
OWASP Orlando Chapter Leader
tony.turner at owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-orlando/attachments/20120201/cfacc1fe/attachment.html>


More information about the Owasp-orlando mailing list