perlorg / www.pm.org

Perl Mongers Website
http://www.pm.org

Stop sending plain-text passwords in reminder emails (and, mailbox full) #136

Closed larryl closed 6 years ago

larryl commented 6 years ago

The pm.org reminder emails from mailman-owner@pm.org contain plain-text passwords:

Passwords for larryl@emailplus.org:

List                                     Password // URL
----                                     --------  
denver-pm@pm.org                         ***REDACTED***  

I tried to email mailman-owner@pm.org about it and got:

<root@x6.develooper.com> (expanded from <postmaster@localhost.develooper.com>):
    cannot update mailbox /var/mail/root for user root. error writing message:
    File too large

jhannah commented 6 years ago
larryl commented 6 years ago

Thanks Jay, I turned off password reminder emails. But I was hoping for something a bit more secure to replace the current process of mailing passwords in plain text, like instead mailing a reset link.
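For contrast with the reminder emails above, here is what a reset-link flow looks like: the server keeps only a hash of a random single-use token with an expiry, and the token itself travels once in the emailed URL. This is an added illustration, not Mailman's code; the in-memory store, the `mail.pm.org/reset` endpoint and the subscriber address are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory store: subscriber address -> reset record.
# Mailman's real list database is not modelled; this is a hypothetical flow.
RESET_TTL_SECONDS = 3600


def issue_reset_token(store, address, now=None):
    """Create a single-use reset token for a subscriber.

    Only the SHA-256 of the token is persisted, so a copy of the database
    (or a plain-text backup of it) does not yield a usable link. The raw
    token is returned once, to be placed in the emailed URL and then forgotten.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    store[address] = {
        "digest": hashlib.sha256(token.encode()).hexdigest(),
        "expires": now + RESET_TTL_SECONDS,
    }
    return token


def reset_url(address, token):
    # Hypothetical endpoint; pm.org does not expose this path.
    return f"https://mail.pm.org/reset?user={address}&token={token}"


def consume_reset_token(store, address, token, now=None):
    """Validate and invalidate a token. Returns True at most once per token."""
    now = time.time() if now is None else now
    record = store.get(address)
    if record is None:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    # Constant-time comparison so a wrong token is not distinguishable by timing.
    if not hmac.compare_digest(record["digest"], presented):
        return False
    del store[address]  # single use: the link is dead whether or not it expired
    return now <= record["expires"]
```

Unlike a password reminder sitting in a mailbox indefinitely, a link like this stops working after one use or one hour, so an old message that is later read by someone else gives them nothing.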

jhannah commented 6 years ago

Nod. I assume MailMan is open source. I don't know if our MailMan is current. Patches to that project welcome, I assume. :)

rspier commented 6 years ago

We're using the latest version of Mailman 2. I'm not sure if Mailman 3 has changed this system, but it's a very non-trivial upgrade.

This is how Mailman works, and we're unlikely to make a custom patch for it. Realistically, if someone can read your email, you have bigger problems than someone changing a mailing list subscription. Remember, mailing lists often authenticate you based on email address.

larryl commented 6 years ago

Realistically, if you are storing plain text passwords in your database and don't seem to care about the security implications of that, you have bigger problems.

rspier commented 6 years ago

You can bring that up with the mailman developers. The passwords are a convenience -- as I said before, for most mailing lists the "password" is your email address. This isn't any worse.

rspier commented 6 years ago

The mailman-owner issue has been fixed.