CVE-2021-43332: Bug #1949403 “A vulnerability could allow a list moderator to di...” : Bugs : GNU Mailman

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.

Category: CVE
Tags: #csrf #vulnerability #sap

A vulnerability could allow a list moderator to discover the admin password.

Bug #1949403 reported by Mark Sapiro on 2021-11-01


Affects: GNU Mailman
Status: Fix Released
Importance: Undecided
Assigned to: Mark Sapiro
Milestone: GNU Mailman 2.1.36

Bug Description

The CSRF token for the admindb page contains an encrypted version of the list admin password which could potentially be cracked by a moderator via an offline brute-force attack.
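The defect described above is a design property of the token, not a bug in any one line: if the token is computed from the admin password, anyone who holds a token can recompute it for candidate passwords and compare, with no server involved. The following is an added illustration, not Mailman's code and not the 2.1.36 fix; it places a simplified stand-in for that weak pattern next to a hardened construction that keys an HMAC with a random server-side secret and binds the token to the authenticated context rather than to any password. All function names, the token layout, the `context` string and the sample values are assumptions made for the example.

```python
"""Added example (not GNU Mailman code): CSRF token designs side by side.

weak_csrf_token      - derived from the admin password; the token itself is an
                       offline oracle for password guesses (the bug class above).
hardened_csrf_token  - HMAC keyed with a random server-side secret; the password
                       is never an input, so the token says nothing about it.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional


def weak_csrf_token(admin_password: str, issued: int) -> str:
    """Simplified stand-in for the vulnerable pattern (constructed, not
    Mailman's real token): issued time + SHA-1(password || issued)."""
    mac = hashlib.sha1(f"{admin_password}{issued}".encode()).hexdigest()
    return f"{issued}:{mac}"


def weak_token_is_password_oracle(token: str, candidate: str) -> bool:
    """Audit property a reviewer checks: can the token alone confirm a password
    guess with no server round trip? True here means the design is broken."""
    issued, _mac = token.split(":", 1)
    return hmac.compare_digest(weak_csrf_token(candidate, int(issued)), token)


def new_server_secret() -> bytes:
    """Random 32-byte key, generated once and stored server-side (assumption:
    next to the list configuration). Never derived from a password."""
    return secrets.token_bytes(32)


def hardened_csrf_token(server_secret: bytes, context: str, issued: int) -> str:
    """issued time + HMAC-SHA256(server_secret, context || issued).
    `context` names the authenticated role and list, e.g. "admin:mylist"
    (assumed format), so a moderator token is not valid for admin actions."""
    msg = f"{context}|{issued}".encode()
    mac = hmac.new(server_secret, msg, hashlib.sha256).hexdigest()
    return f"{issued}:{mac}"


def verify_hardened(server_secret: bytes, context: str, token: str,
                    now: Optional[int] = None, max_age: int = 3600) -> bool:
    """Recompute with the server secret, enforce an age window, and compare in
    constant time. Malformed tokens are rejected rather than raising."""
    try:
        issued_str, _mac = token.split(":", 1)
        issued = int(issued_str)
    except ValueError:
        return False
    now = int(time.time()) if now is None else now
    if issued > now or now - issued > max_age:
        return False
    expected = hardened_csrf_token(server_secret, context, issued)
    return hmac.compare_digest(expected, token)


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    weak = weak_csrf_token("hunter2", 1700000000)
    print("weak token confirms the real password:",
          weak_token_is_password_oracle(weak, "hunter2"))      # True: leaks
    print("weak token confirms a wrong guess:",
          weak_token_is_password_oracle(weak, "letmein"))      # False

    secret = new_server_secret()
    strong = hardened_csrf_token(secret, "admin:mylist", 1700000000)
    print("hardened token verifies with the server secret:",
          verify_hardened(secret, "admin:mylist", strong, now=1700000100))
    print("hardened token with a different secret:",
          verify_hardened(b"\x00" * 32, "admin:mylist", strong, now=1700000100))
```

The point of the comparison is that `hardened_csrf_token` has no password parameter at all: holding a token gives an attacker nothing to recompute against, so offline guessing is impossible by construction rather than merely slowed down. Binding the `context` string also keeps a token issued to a moderator from being replayed against admin-only actions, and the age window limits how long a leaked token stays useful.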

