PT-2001-2274 · Gnu · Mailman
Published
2001-09-05
·
Updated
2017-10-10
·
CVE-2001-1132
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Mailman versions 2.0.x through 2.0.5
Description
The issue allows remote attackers to gain access to list administrative pages when there is an empty site or list password. This occurs because the empty password is not properly handled during the call to the
crypt function during authentication.Recommendations
For Mailman versions 2.0.x through 2.0.5, update to version 2.0.6 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mailman