[tor-talk] misconfigured mailing list (mailman software) for torproject discloses passwords in plaintext (stores too?)



Upon signing up for the mailing list on the list server, my password was emailed to me in plaintext. In the year 2012 this is extremely bad security practice. At the very least the sign-up page should warn users to make the password unique.

The password may also be stored in reversible format.

I used a unique random password for this mailing list. I'm going to guess, however, that a significant portion of the mailing list uses this password in other locations, and a significant subset of them probably can't trust their mailbox to be secure.

Thanks,
Matt

Matthew Fisch
mfisch@xxxxxxxxxx

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk