VULHUB ™

GNU Mailman is a freely available, open source mailing list manager written in Python, and maintained by public domain. A problem has been discovered in GNU Mailman that can allow users arbitrary access to accounts. When a password file has been created, but left blank, it is possible for a remote user to gain access to a user account as by entering an arbitrary password of any type. This is due to a bug in the crypt function, which upon receiving a blank salt, will return a blank hash.

GNU Mailman is a freely available, open source mailing list manager written in Python, and maintained by public domain. A problem has been discovered in GNU Mailman that can allow users arbitrary access to accounts. When a password file has been created, but left blank, it is possible for a remote user to gain access to a user account as by entering an arbitrary password of any type. This is due to a bug in the crypt function, which upon receiving a blank salt, will return a blank hash.