By Robert Lemos Staff Writer, CNET News.com
A previously unknown vulnerability in Mailman, a popular open-source program for managing mailing lists, has led to the theft of the password file for a well-known security discussion group.
The theft, discovered this week and reported in an announcement to the Full Disclosure security mailing list on Wednesday, casts uncertainty on the security of other discussion groups that use the open-source Mailman package. By specially crafting a Web address, an attacker can obtain the password for every member of a discussion group.