Page MenuHomePhabricator

Stop storing Mailman passwords in plain text
Open, HighPublic

Description

When resetting passwords and once a month in the daily mailing list reminder, I get my password sent to me in plain text, meaning that we don’t hash and salt the passwords. This seems like security issue.

Event Timeline

Josve05a created this task.Dec 1 2017, 1:36 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 1 2017, 1:36 PM
Josve05a updated the task description. (Show Details)
Josve05a updated the task description. (Show Details)

Maybe this could be resolved with T52864?

Reedy added a subscriber: Reedy.Dec 1 2017, 2:20 PM

It's a very well known problem in Mailman 2

This ticket is simply not fixable in Mailman 2 afaik. Similar: https://phabricator.wikimedia.org/T59787

Legoktm renamed this task from Stop storing passwords in plain text to Stop storing Mailman passwords in plain text.Dec 1 2017, 4:32 PM
He7d3r added a subscriber: He7d3r.Feb 2 2018, 11:59 AM
Reedy triaged this task as High priority.Feb 12 2018, 10:27 AM
Restricted Application added a project: Operations. · View Herald TranscriptAug 10 2018, 10:17 AM