This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Florian Weimer wrote :
Mailman 2.1.5 uses weak auto-generated passwords for new subscribers.
These passwords are assigned when members subscribe without specifying
their own password (either by email or the web frontend). Knowledge of
this password allows an attacker to gain access to the list archive
even though she's not a member and the archive is restricted to
members only. [...]
This means that only about 5 million different passwords are ever
generated, a number that is in the range of brute-force attacks -- you
only have to guess one subscriber address (which is usually not that
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5