Mailman Insufficiently Protected Credentials Vulnerability - CVE-2021-43332 - Vulnerability Database

Mailman Insufficiently Protected Credentials Vulnerability - CVE-2021-43332

Medium

Reference: CVE-2021-43332

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-43332

Title: Mailman Insufficiently Protected Credentials Vulnerability

Overview:

In GNU Mailman before 2.1.36 the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.