[OSM-talk] Mailing list security

Colin Smale colin.smale at xs4all.nl
Sat Nov 25 10:12:19 UTC 2017


I just got an email from the mailing list system that my
account/membership had been disabled due to "excessive bounces". I have
no idea why, but that is not the point I want to make here. My point is
that the email I received contained my password to that account, in
plain text! 

WTF#1: Why is it remembering the cleartext password and not a
non-reversible hash? 

WTF#2: Why is it sending my password around in the email? 

My feeling is that this needs fixing, and quick. 

//colin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/talk/attachments/20171125/c8d28b7f/attachment.html>


More information about the talk mailing list