Mailman Password Retrieval

Information

Severity

Medium

Family

Web application abuses

CVSSv2 Base

5.0

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Solution Type

Vendor Patch

Created

18 years ago

Modified

5 years ago

Summary

The target is running a version of the Mailman mailing list software that allows a list subscriber to retrieve the Mailman password of any other subscriber.

Insight

An attacker could exploit this issue by sending a specially crafted mail message to the server. Such a message sent via $listname-request@$target containing the lines:

    password address=$victim
    password address=$subscriber

will return the password of both $victim and $subscriber for the list $listname@$target.

Solution

Upgrade to Mailman version 2.1.5 or newer.

Common Vulnerabilities and Exposures (CVE)