In GNU Mailman prior to 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu mailman |
||
debian debian linux 9.0 |