FAQ
Feature Requests item #1441723, was opened at 2006-03-03 00:48
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?funcÞtail&atid50103&aid41723&group_id3

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: dmvianna (dmvianna)
Assigned to: Nobody/Anonymous (nobody)
Summary: privacy hole in password reminder

Initial Comment:
Mailman sends me password reminders in plain text. I
can disable this feature, but other users can manually
make it send a reminder just as if I had forgot the
password, with no other question being asked. If smart
enough to intercept that message, the attacker could:

1) Get my password;
2) get my IP in the mail header.

Possible solutions:

1) Some sites and programs use a "secret question"
which right answer would give the user the chance to
get a password reminder.

2) The password could be prompted in a secure html
page. I find this safer, as compared to plain text mails.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?funcÞtail&atid50103&aid41723&group_id3

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 1 of 1 | next ›
Discussion Overview
groupmailman-coders @
categoriespython
postedMar 2, '06 at 1:48p
activeMar 2, '06 at 1:48p
posts1
users1
websitelist.org

1 user in discussion

SourceForge.net: 1 post

People

Translate

site design / logo © 2022 Grokbase