[security flaw] Ubuntu is a plain text offender
Amedee Van Gasse
amedee-ubuntu at amedee.be
Mon May 23 13:34:54 UTC 2011
On Mon, May 23, 2011 14:50, Amedee Van Gasse wrote:
>> On your membership page, you can change various delivery options such
>> as your email address and whether you get digests or not. As a
>> reminder, your membership password is
>>
>> *CENSORED*
>
> Also, why does Canonical store the mailing list passwords in plain text? I
> use lots of different passwords so it's not a big security problem for me.
> But I still find this one of the biggest WTFs in the Mailman software.
>
> I might even file a bug report. Or add to the already existing bug report:
> https://bugs.launchpad.net/mailman/+bug/266821
I just added my comments to the bug report.
Next I'm going to submit Ubuntu to the website that showcases plain text
offenders: http://plaintextoffenders.com
Ubuntu should stop using an insecure version of Mailman. Now.
More information about the ubuntu-users
mailing list