Objet : Pour les administrateurs de serveurs de listes utilisant le logiciel Sympa
Archives de la liste
- From: Strimpakos Giorgos <adresse@cachée>
- To: adresse@cachée
- Subject: [sympa-fr] editor_key problem or what?
- Date: Fri, 8 Nov 2013 15:34:05 +0200
Hello,
this is my first time I use this list. Sorry if this is an inappropriate list to send this kind of message. I tried to subscribe to developers list but confirmation for my cru account never arrived to my mailbox. I would like to share with you a kind of "vulnerability" with you.
Let's say we have a list with a policy to moderate messages. The problem is that if a message is going to be moderated (scenari action editor_key), and someone sends a confirmation message with the correct hash at sympa@robot, then the message will be distributed.
example:
listname: testlist
robot: example.com
message hash:00d88434cffb08d5d7bf8fef8293e282
Anyone can send a message to adresse@cachée with Subject:
DISTRIBUTE testlist 00d88434cffb08d5d7bf8fef8293e282
Is this the way things should run?
I search for this kind of bug or something prior to my version (6.1.4). Is this a security risk?
Thanks
Giorgos
-
[sympa-fr] editor_key problem or what?,
Strimpakos Giorgos, 08/11/2013
- Re: [sympa-fr] editor_key problem or what?, David Verdin, 08/11/2013
Archives gérées par MHonArc 2.6.19+.