mailman -- brute-force vuln on list admin password, and CSRF vuln in releases before 2.1.35
Mark Sapiro reports:
A potential for a list member to carry out an off-line brute
force attack to obtain the list admin password has been reported by
Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is
A CSRF attack via the user options page could allow takeover of a
user's account. This is fixed.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright