[OSM-talk] Mailing list security
Colin Smale
colin.smale at xs4all.nl
Sat Nov 25 10:12:19 UTC 2017
I just got an email from the mailing list system that my
account/membership had been disabled due to "excessive bounces". I have
no idea why, but that is not the point I want to make here. My point is
that the email I received contained my password to that account, in
plain text!
WTF#1: Why is it remembering the cleartext password and not a
non-reversible hash?
WTF#2: Why is it sending my password around in the email?
My feeling is that this needs fixing, and quick.
//colin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/talk/attachments/20171125/c8d28b7f/attachment.html>
More information about the talk
mailing list