HighDots Forums  

Mailman Password Completion Vulnerability


#1  AT, 11-05-2009, 04:35 PM
Mailman Password Completion Vulnerability

My Mailman 2.1.12 server was flagged with a low-risk vulnerability:

42057 Web Server Allows Password Auto-Completion

and I cannot tell from the description what URLs have this
vulnerability, nor do I know how to correct it. I know little
about apache. One Google search at this URL

https://developer.mozilla.org/en/How_to_Turn_Off_Form_Autocompletion

shows:

--------
For example, a typical form element line with autocompletion turned off
might look like the following:

<form name="form1" id="form1" method="post" autocomplete="off"
action="http://www.example.com/form.cgi">
[...]
</form>

This form attribute is not part of any web standards but was first
introduced in Microsoft's Internet Explorer 5. Netscape introduced it
in version 6.2 -- in prior versions, this attribute is ignored. The
autocomplete attribute was added at the insistence of banks and card
issuers -- but never followed through on to reach standards
certification.
--------

Am I correct in assuming that in order to "fix" this, I would have to
go to directory

/etc/mailman/en

and modify these HTML files that contain the string "password":

admlogin.html contains "<FORM METHOD=POST ACTION="%(path)s">"
listinfo.html contains "<MM-Roster-Form-Start>"
options.html contains "<MM-Form-Start>"

and the place where the two "Form-Start" strings are defined.
In the long run, is the change worth making? Thanks.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8 Internet: BSFinkel (AT) anl (DOT) gov
Argonne, IL 60439-4828 IBMMAIL: I1004994

------------------------------------------------------
Mailman-Users mailing list Mailman-Users (AT) python (DOT) org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/python%40highdots.com
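What the scanner is actually testing for, and what the fix Barry describes would change, is easier to see against rendered pages than against the templates. The script below is an added example (not from this thread, and not Mailman's own code): it reproduces the check behind a "Web Server Allows Password Auto-Completion" finding, reporting every <input type="password"> unless the input itself or its enclosing <form> carries autocomplete="off", and a harden() helper that adds the attribute to any <form> lacking it. Two caveats a practitioner should keep in mind. First, run the audit over the HTML Mailman actually serves (saved copies of the admin, listinfo and options pages), not over /etc/mailman/en directly: only admlogin.html contains a literal <FORM> tag, while <MM-Form-Start> and <MM-Roster-Form-Start> are placeholders expanded by Mailman's CGI code at request time, so editing those two template files alone does not add the attribute. Second, current browsers ignore autocomplete="off" on login fields and offer to save the password anyway, so the attribute mostly silences the scanner rather than preventing a stored password. The sample pages, the list name mylist and the URL paths are constructed for the example and are not verbatim Mailman output.

```python
"""Check rendered Mailman pages for the 'password auto-completion' finding.

Added example (not part of the thread or of Mailman). It reproduces the check
behind a "Web Server Allows Password Auto-Completion" finding: every
<input type="password"> is reported unless the input itself or its enclosing
<form> carries autocomplete="off". Feed it the HTML Mailman actually serves,
not the raw templates, because the <MM-...-Form-Start> placeholders in
listinfo.html and options.html are expanded by Mailman's CGI code.
"""
import re
from html.parser import HTMLParser


class PasswordFieldAudit(HTMLParser):
    """Collect password inputs where neither the input nor its <form> sets autocomplete=off."""

    def __init__(self):
        super().__init__()
        self.form_stack = []      # (action, form has autocomplete="off") per open <form>
        self.password_fields = 0  # total password inputs seen
        self.findings = []        # (form action, input name) for flagged fields

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names; values keep their case,
        # so Mailman's upper-case <FORM METHOD=POST ...> markup is handled too.
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            form_off = a.get("autocomplete", "").lower() == "off"
            self.form_stack.append((a.get("action", ""), form_off))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_fields += 1
            action, form_off = self.form_stack[-1] if self.form_stack else ("(no form)", False)
            input_off = a.get("autocomplete", "").lower() == "off"
            if not (form_off or input_off):
                self.findings.append((action, a.get("name", "(unnamed)")))

    def handle_endtag(self, tag):
        if tag == "form" and self.form_stack:
            self.form_stack.pop()


def audit(html):
    """Return (number of password inputs, list of (form action, input name) flagged)."""
    p = PasswordFieldAudit()
    p.feed(html)
    p.close()
    return p.password_fields, p.findings


# Matches the opening "<form" of any form tag that does not already carry autocomplete=.
FORM_TAG = re.compile(r"<form\b(?![^>]*\bautocomplete=)", re.IGNORECASE)


def harden(html):
    """Add autocomplete="off" to every <form> that lacks it; safe to apply twice."""
    return FORM_TAG.sub(lambda m: m.group(0) + ' autocomplete="off"', html)


# Constructed samples resembling what Mailman 2.1 renders from admlogin.html
# and listinfo.html (made-up list name and paths, not verbatim templates).
ADMLOGIN_PAGE = """<html><body>
<FORM METHOD=POST ACTION="/mailman/admin/mylist">
<TABLE>
<tr><td>List Administrator Password:</td>
<td><INPUT TYPE=password NAME=adminpw SIZE=30></td></tr>
<tr><td colspan=2><INPUT TYPE=SUBMIT NAME=admlogin VALUE="Let me in..."></td></tr>
</TABLE>
</FORM>
</body></html>"""

LISTINFO_PAGE = """<html><body>
<FORM Method=POST ACTION="/mailman/options/mylist">
<INPUT name="email" type="TEXT" size="30">
<INPUT type="SUBMIT" name="UserOptions" value="Unsubscribe or edit options">
</FORM>
<FORM Method=POST ACTION="/mailman/roster/mylist">
<INPUT type="password" name="roster-pw" size="15" autocomplete="off">
<INPUT type="SUBMIT" name="SubscriberRoster" value="Visit Subscriber list">
</FORM>
<FORM Method=POST ACTION="/mailman/subscribe/mylist">
<INPUT type="password" name="pw" size="15">
<INPUT type="password" name="pw-conf" size="15">
</FORM>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("admin login", ADMLOGIN_PAGE), ("listinfo", LISTINFO_PAGE)):
        total, flagged = audit(page)
        print(f"{name}: {total} password field(s), {len(flagged)} flagged")
        for action, field in flagged:
            print(f"  form {action!r}: input {field!r} allows auto-completion")
        print(f"{name} after harden(): {len(audit(harden(page))[1])} flagged")
```

Point the audit at pages fetched from the live server (curl the admin, listinfo and options URLs for one list) to get the list of URLs the scanner's description leaves out; the roster form in the sample shows that setting the attribute on the <INPUT> alone is also enough to clear the check.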

#2  LuKreme, 11-06-2009, 08:56 AM
Re: Mailman Password Completion Vulnerability

On 5-Nov-2009, at 14:35, Barry Finkel wrote:
> Am I correct in assuming that in order to "fix" this, I would have to
> go to directory

When you 'fix' this you piss people off. Severely.

--
I've got Mathematica 2.2 on my Quadra
