Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#15369 closed defect (bug) (wontfix)

WordPress exposes clear text passwords in the UI

Reported by: nh2
Owned by:
Milestone:
Priority: lowest
Severity: trivial
Version:
Component: Security
Keywords: passwords
Focuses:
Cc:

Description

WordPress shows clear text passwords in at least the following:

  • The options page: mailserver password
  • The setup assistant: database password (!)
  • Maybe in wp-admin/network/site-users.php (search for "user_password") - I don't really know where to find that page being rendered
  • The metaboxes include.

See the attached patches against the current SVN trunk.

Change History (8)

comment:1 follow-ups: westi, 3 years ago

  • Priority changed from normal to lowest
  • Severity changed from major to trivial

This does nothing to actually hide the passwords.

The fields are much more user friendly as plain text for entering.

We could consider not displaying the email server password and returning a blank string and just letting people change it but the others are fine as they are.

comment:2 duck_, 3 years ago

Related: #5529, #11813

comment:3 in reply to: ↑ 1 nacin, 3 years ago

Replying to westi:

> This does nothing to actually hide the passwords.
>
> The fields are much more user friendly as plain text for entering.
>
> We could consider not displaying the email server password and returning a blank string and just letting people change it but the others are fine as they are.

Agreed on all accounts. The mail server one is a good compromise.
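As an added illustration of the compromise westi proposes and nacin endorses above (example code, not from the ticket or from WordPress core): a small plugin that blanks the stored mail server password when the Writing settings screen renders, and treats an empty submission as "leave the password unchanged". It assumes the core option name `mailserver_pass` and the standard `load-{page}`, `pre_option_{name}` and `sanitize_option_{name}` hooks.

```php
<?php
/**
 * Plugin Name: Blank Mail Server Password Field (illustration)
 *
 * Added example, not WordPress core code. Assumes the core option name
 * 'mailserver_pass' and the standard 'load-{page}', 'pre_option_{name}'
 * and 'sanitize_option_{name}' hooks.
 */

// Only while the Writing settings screen is being rendered: make
// get_option() return an empty string, so the input that core prints
// carries no stored secret into the page source or onto the screen.
add_action( 'load-options-writing.php', function () {
    add_filter( 'pre_option_mailserver_pass', function () {
        return ''; // any non-false value short-circuits get_option()
    } );
} );

// On save, an empty (or whitespace-only) value means "unchanged". The form
// posts to options.php, where the pre_option filter above is not registered,
// so get_option() here yields the real stored password and update_option()
// sees no change.
add_filter( 'sanitize_option_mailserver_pass', function ( $value ) {
    if ( '' === trim( (string) $value ) ) {
        return (string) get_option( 'mailserver_pass', '' );
    }
    return $value;
}, 10, 1 );
```

The core markup still renders the field as a plain text input, so this removes the stored value from the page but does not mask what the user types.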

comment:4 in reply to: ↑ 1 nh2, 3 years ago

Replying to westi:

> This does nothing to actually hide the passwords.

Of course, it displays bullets instead of the plain text passwords.

I don't know if this applies to you, but I am barely alone in the room when I set up Wordpress sites. Sometimes there is even video surveillance.

Just yesterday, I was inadvertently shown the MySQL password of a friend's database server because of this usability feature.

> We could consider not displaying the email server password and returning a blank string and just letting people change it but the others are fine as they are.

Well, a very security-enhancing "compromise" if the potential villain watching your screen whilst standing behind you already knows the database password.

> The fields are much more user friendly as plain text for entering.

What about doing it like most desktop software does it? Hide the characters by default and have a "show password" checkbox next to the input. This would provide both security and usability.

comment:5 westi, 3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

This is a balance between usability and security.

Usability wins here.
