[sf-lug] Yes, Mailman stores and sends the passwords in the clear: Re: Anyone here had any contact with Linu xChix.org?

Akkana Peck akkana at shallowsky.com
Sat Jun 8 12:39:41 PDT 2019


Rick Moen writes:
> 'Storing passwords in plaintext and e-mailing them in plaintext is bad
> because bad things can be done with them.'  Fine, go on, what specific
> bad things?

I always wondered that, and the best scenario I came up with was:
user is reading mail via an unencrypted connection on an open or
compromised network, someone is eavesdropping on the POP/IMAP
connection, steals user's credentials, logs in to mailman server,
changes the email address and then posts some kind of incriminating
or embarrassing message masquerading as the user.

It seems an unlikely scenario, but it could possibly happen,
say, at a computer conference where there's an insecure network and
attendees who might be well known in the community (except why would
they be using an unencrypted mail connection in 2019? The scenario
made a little more sense ten years ago.)

> Maliciously unsubscribe the user?  Actually, no, not even that, because
> confirmation via three-way handshake is required.  Actions not requiring
> confirmation amount to things like toggling on or off 'vacation' mode or 
> switching the user between normal and digest reception.

Maliciously posting spoofed mails sounds more likely. It would most
likely be discovered quickly, within a day or so, but you could
potentially damage someone's reputation with people who didn't
read the followup and find out it was spoofed. But it still depends
on a bunch of specific and unlikely circumstances coinciding.

On the other hand, password reset isn't hard to implement, so
it's not like there's any need to send out cleartext passwords.

        ...Akkana



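As an added illustration of the last point (example code written for this page, not Mailman's own implementation): a minimal account store that keeps only a salted PBKDF2 hash of each password and handles "forgot password" with a random, time-limited, single-use reset token whose hash alone is stored. The account store is an in-memory dict and "sending the e-mail" is simulated by returning the token to the caller; both are assumptions for the sake of a self-contained example.

```python
# Added example: a password-reset flow that never stores or mails a
# cleartext password. At rest there is only a salted PBKDF2 hash of the
# password and, while a reset is pending, a SHA-256 hash of the reset token.
# The store is an in-memory dict and mail delivery is simulated (assumptions).
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

PBKDF2_ROUNDS = 200_000
RESET_TTL_SECONDS = 15 * 60  # a reset link stays valid for 15 minutes


@dataclass
class Account:
    email: str
    salt: bytes
    pw_hash: bytes
    reset_token_hash: Optional[bytes] = None  # hash of the token, never the token
    reset_expires: float = 0.0


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def create_account(store: Dict[str, Account], email: str, password: str) -> Account:
    salt = secrets.token_bytes(16)
    acct = Account(email=email, salt=salt, pw_hash=_hash_password(password, salt))
    store[email] = acct
    return acct


def verify_password(store: Dict[str, Account], email: str, password: str) -> bool:
    acct = store.get(email)
    if acct is None:
        return False
    # constant-time comparison of the two digests
    return hmac.compare_digest(acct.pw_hash, _hash_password(password, acct.salt))


def request_reset(store: Dict[str, Account], email: str, now: float) -> Optional[str]:
    """Start a reset. Returns the token that would go into the e-mailed link
    (None for an unknown address); only its SHA-256 digest is kept on the server."""
    acct = store.get(email)
    if acct is None:
        return None
    token = secrets.token_urlsafe(32)
    acct.reset_token_hash = hashlib.sha256(token.encode()).digest()
    acct.reset_expires = now + RESET_TTL_SECONDS
    return token


def complete_reset(store: Dict[str, Account], email: str, token: str,
                   new_password: str, now: float) -> bool:
    """Consume the token and set a new password. Fails on unknown address,
    no pending reset, expired token, or wrong token; each token works once."""
    acct = store.get(email)
    if acct is None or acct.reset_token_hash is None:
        return False
    if now > acct.reset_expires:
        acct.reset_token_hash = None  # expired tokens are discarded
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(presented, acct.reset_token_hash):
        return False
    # single use: invalidate before updating the password
    acct.reset_token_hash = None
    acct.reset_expires = 0.0
    acct.salt = secrets.token_bytes(16)
    acct.pw_hash = _hash_password(new_password, acct.salt)
    return True


if __name__ == "__main__":
    store: Dict[str, Account] = {}
    create_account(store, "user@example.org", "hunter2")
    token = request_reset(store, "user@example.org", now=1000.0)
    print("would e-mail reset link carrying token:", token)
    print("reset ok:", complete_reset(store, "user@example.org", token, "newpass", 1001.0))
    print("old password still works:", verify_password(store, "user@example.org", "hunter2"))
```

Because the server holds only hashes, a leaked database or an eavesdropped reset message exposes neither a usable password nor a reusable token once the link has been consumed or has expired, which removes the very scenario discussed above.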