A flaw in Mailman 2.1.* allows a remote attacker to retrieve the mailman password of any subscriber by sending a carefully crafted email request to the mailman server. A simple patch is available and is fixed upstream in Mailman 2.1.5. CAN-2004-0412 Affects: FC1 CAN-2004-0412 Affects: FC2