Family: Misc. --> Category: infos
Mailman Password Retrieval Vulnerability Scan
Vulnerability Scan Summary
Checks for Mailman Password Retrieval Vulnerability
Detailed Explanation for this Vulnerability Test
The target is running a version of the Mailman mailing list software that
allows a list subscriber to retrieve the mailman password of any other
subscriber by means of a specially crafted mail message to the server.
That is, a message sent to $listname-request@$target containing the
will return the password of both $victim and $subscriber for the list
***** Nessus has ascertained the vulnerability exists on the target
***** simply by looking at the version number of Mailman installed
Solution : Upgrade to Mailman version 2.1.5 or newer.
Threat Level: Medium