Great Circle Associates Majordomo-Users
(June 1998)
 


Subject: Re: How secure is "+confirm"?
From: Dave Barr <barr @ cis . ohio-state . edu>
Date: Mon, 01 Jun 1998 16:08:22 -0400
To: majordomo-users @ GreatCircle . COM
In-reply-to: Your message of "Mon, 01 Jun 1998 14:23:15 EDT." <199806011823.OAA06152@panix4.panix.com>

>Look at the variable $cookie_seed in the majordomo.cf file.  It permits you
>to put in your own private seed into the algorithm that generates the
>confirmation cookies.

I argued for a while that it should have used the list config password
as the cookie seed.  That would have stopped this attack.  Alas nobody
listened to me.

--Dave

