Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security flaw in Full Disclosure mailing list

From: Eric G <eric () nixwizard net>
Date: Wed, 2 Apr 2014 14:39:13 -0400
When you sign up on the web page it explicitly tells you to not choose a
good password because it will be emailed to you in plain text. Then it also
tells you that if you leave the password field blank,  an auto generated
password will be emailed to you.

I chose to leave the field blank and let it email me a randomly generated
password. If some bad guy sniffed my smtp session and can administer my er,
FD digest settings or whatever then so be it I guess.

Just my two cents.

Eric
http://www.linkedin.com/in/ericgearhart
On Apr 2, 2014 11:28 AM, "Nick Lindridge" <nick () ioncube com> wrote:


Hi

Apologies if this has been pointed out before, hard to imagine that it
hasn't really. When signing up for the list, I was surprised that it
emailed back my password in plain text.

Can this security flaw be addressed?

Nick


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/



_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: