This script is Copyright (C) 2004-2012 George A. Theall
The remote host is running a mailing list application that is
affected by a password disclosure vulnerability.
The target is running a version of the Mailman mailing list software
that allows a list subscriber to retrieve the mailman password of any
other subscriber by means of a specially crafted mail message to the
server. That is, a message sent to $listname-request@$target
containing the lines :
will return the password of both $victim and $subscriber for the list
***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number of Mailman installed
See also :
Upgrade to Mailman version 2.1.5 or newer as this reportedly fixes
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false
Nessus Plugin ID: 12253 (mailman_password_retrieval.nasl)
Bugtraq ID: 10412
CVE ID: CVE-2004-0412