Mailman 2.0.x Empty Password Authentication Bypass Vulnerability

Mailman 2.0.x Empty Password Authentication Bypass Vulnerability

CVE-2001-1132 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.

Learn more about our Web Application Penetration Testing UK.