On Dec 13, 2021, at 12:33 PM, Krista <[log in to unmask]> wrote:I tried the command REP PW XXXXX and REP password XXXXX and even REP XXXXX and all said "unknown command". I must be using the wrong command or wrong syntax.So it is possible for a user to initiate the change by sending the command, with the password, in the email, correct? Is there any way to not allow that and to require them to go to the website to initiate that change?
KristaAssuming that your email clients and servers are using TLS the password updates are being end-to-end encrypted by the mail system. Note that listserv does not send password changes, it only receives them. However, anyone able to log in to the listserv user account can see password updates.On Dec 13, 2021, at 11:33 AM, Krista <[log in to unmask]> wrote:My company's IT security folks are concerned that ListServ 16.5 may send password changes "in the clear" through unencrypted email, or that users could send passwords change requests, via email, to the server (not encrypted).We're using the ListServ on Windows. Does this ever happen, and if so is it possible for any password changes / requests to be initiated through the web interface only, and that it won't accept users trying to change PW via a mail command, and/or won't send passwords unencrypted via email?Krista Landon
To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1
To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1
To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1