Great Circle Associates Majordomo-Workers
(April 1996)

Subject: security of gen_cookie? (1.94a4)
From: Dave Barr <barr @ math . psu . edu>
Date: Tue, 23 Apr 1996 18:12:00 -0400 (EDT)
To: majordomo-workers @ greatcircle . com

	It looks like the cookie (for subscribe=..+confirm) used by
majordomo is trivially easy to compute by a third party.  I notice
there's some attempt at randomization thrown in by the $cookie_seed
variable, however this variable is never set!

	I propose a fix like this:  cookie generation would be
done by a one-way hashing function f($list,$action,$subscriber,$admin_passwd)
That would take away the ability to compute the cookie unless you knew
admin_passwd.

	That being said, we should improve the security and awareness
of passwords.  If majordomo sees the passwords haven't been changed
from the default $listname.{pass,admin} majordomo should _generate_
ones and e-mail the admin_passwd and approve_passwd to owner-$listname
and $listname-approval respectively.  This e-mail would include an
explanation to the list owner/approver of what the password is used for
and how the list owner can change them.

--Dave
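The keyed one-way hash Dave proposes, as an added example that is not part of the original post or of Majordomo's code. Function names, the field delimiter, the use of HMAC-SHA256 and the list/subscriber values are assumptions made for the illustration; the point is that the cookie can only be computed or checked by someone holding admin_passwd, and that changing any of list, action or subscriber yields a different cookie.

```python
import hashlib
import hmac


def unkeyed_cookie(lst, action, subscriber, cookie_seed=""):
    """The situation described in the post: the only secret ingredient
    is $cookie_seed, and it is never set, so every input is public and a
    third party can reproduce the cookie from the request alone."""
    data = cookie_seed + lst + action + subscriber
    return hashlib.md5(data.encode()).hexdigest()[:16]


def gen_cookie(lst, action, subscriber, admin_passwd, length=16):
    """f($list, $action, $subscriber, $admin_passwd) as a keyed hash.

    admin_passwd is the HMAC key, so nobody without it can compute the
    value.  Fields are NUL-delimited so that ("ab", "c") and ("a", "bc")
    cannot collide into the same message (delimiter is an assumption)."""
    msg = "\0".join([lst, action, subscriber]).encode()
    mac = hmac.new(admin_passwd.encode(), msg, hashlib.sha256)
    return mac.hexdigest()[:length]


def check_cookie(lst, action, subscriber, admin_passwd, presented):
    """Recompute the cookie for the request and compare in constant time,
    so the comparison itself does not leak how many characters matched."""
    expected = gen_cookie(lst, action, subscriber, admin_passwd)
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    # Constructed sample values; not a real list or subscriber.
    c = gen_cookie("testlist", "subscribe", "user@example.org", "s3cret-pw")
    print("cookie:", c)
    print("valid:", check_cookie("testlist", "subscribe", "user@example.org",
                                 "s3cret-pw", c))
```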
