While testing my local install, one of my colleagues found an exploit with the
"forgot password" and "unsubscribe" options of the web UI and ended up
spamming me (on purpose, to prove the point): 90 emails to the list-owner in
under 5 min as a different user (mainly my test user), so this could be
easily scripted.

Has anyone else seen this issue? If so, any suggestions on how to fix it?
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/

Security Policy: http://wiki.list.org/x/QIA9
