Developers of Sympa

[David Verdin <address@concealed>]

It's intended as a feature, for virtual hosting: you have the server listmasters and the virtual host listmasters, who can see only the vhost they are in charge of.
As a server listmaster, you can have to endorse a vhost listmaster identity to verify what she sees.

It might be a security issue if a vhot listmaster could endorse the server listmasters' identity.

Regards,

David

Le 03/06/13 15:48, Marc Chantreux a écrit :

hello everyone,

as listmaster, i was able to hijack the identity of another one (i don't
know exactly how). I see it as a security hole want would like to
investigate but maybe it's a feature (an easter egg? ;)).

can someone tell me ? 

regards

--
A bug in Sympa? Quick! To the bug tracker!

David Verdin Infrastructure pour les Services Informatiques
Tél : +33 2 23 23 69 71 Fax : +33 2 23 23 71 21   www.renater.fr	RENATER 263 Avenue du Gal Leclerc 35042 Rennes Cedex

Attachment: smime.p7s
Description: Signature cryptographique S/MIME