Mailman Crated Email Remote User Password Disclosure
Medium Nessus Plugin ID 12253
SynopsisThe remote host is running a mailing list application that is affected by a password disclosure vulnerability.
DescriptionThe target is running a version of the Mailman mailing list software that allows a list subscriber to retrieve the mailman password of any other subscriber by means of a specially crafted mail message to the server. That is, a message sent to [email protected]$target containing the lines :
password address=$victim password address=$subscriber
will return the password of both $victim and $subscriber for the list [email protected]$target.
***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number of Mailman installed
SolutionUpgrade to Mailman version 2.1.5 or newer as this reportedly fixes the issue.