Description
Password generation in Mailman before 2.1.5 produces only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute-force attack.
Product(s):
- GNU Mailman 1.0
- GNU Mailman 1.1
- GNU Mailman 2.0.10
- GNU Mailman 2.0.11
- GNU Mailman 2.0.12
- GNU Mailman 2.0.13
- GNU Mailman 2.0.1
- GNU Mailman 2.0.2
- GNU Mailman 2.0.3
- GNU Mailman 2.0.4
- GNU Mailman 2.0.5
- GNU Mailman 2.0.6
- GNU Mailman 2.0.7
- GNU Mailman 2.0.8
- GNU Mailman 2.0.9
- GNU Mailman 2.0
- GNU Mailman 2.0 beta3
- GNU Mailman 2.0 beta4
- GNU Mailman 2.0 beta5
- GNU Mailman 2.1.1
- GNU Mailman 2.1.1b1
- GNU Mailman 2.1.2
- GNU Mailman 2.1.3
- GNU Mailman 2.1.4
- GNU Mailman 2.1
- GNU Mailman 2.1 alpha
- GNU Mailman 2.1 beta
- GNU Mailman 2.1 stable
- GNU Mailman 2.1b1
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1143, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1143 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.