Make WordPress Core

Opened 15 years ago

Closed 14 years ago

#15369 closed defect (bug) (wontfix)

WordPress exposes clear text passwords in the UI

Reported by: nh2
Owned by:
Milestone:
Priority: lowest
Severity: trivial
Version:
Component: Security
Keywords: passwords
Focuses:
Cc:

Description

WordPress shows clear text passwords in at least the following:

  • The options page: mailserver password
  • The setup assistant: database password (!)
  • Maybe in wp-admin/network/site-users.php (search for "user_password") - I don't really know where to find that page being rendered
  • The metaboxes include.

See the attached patches against the current SVN trunk.

Change History (8)

#1 @westi
15 years ago

  • Priority changed from normal to lowest
  • Severity changed from major to trivial

This does nothing to actually hide the passwords.

The fields are much more user friendly as plain text for entering.

We could consider not displaying the email server password and returning a blank string and just letting people change it but the others are fine as they are.
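The "blank string" compromise proposed above (never echo the stored mail server password into the form; treat an empty submitted value as "unchanged") as an added example. This is not WordPress code: the two functions are illustrative, written here as plain JavaScript so they run anywhere, and only the option names (`mailserver_url`, `mailserver_login`, `mailserver_pass`) are borrowed from WordPress's writing settings; the sample stored options are constructed.

```javascript
// Added example, not WordPress code: the "return a blank string" handling of
// a stored secret on a settings page, split into a render step and a save step.

// Render-time: the stored password is never sent to the browser. The field is
// emitted empty, and a boolean lets the template show an "(already set)" hint.
// `settings` is an assumed plain object holding the stored option values.
function renderMailSettingsFields(settings) {
  return {
    mailserver_url: settings.mailserver_url,
    mailserver_login: settings.mailserver_login,
    mailserver_pass: "",                                  // never echoed
    mailserver_pass_is_set: settings.mailserver_pass.length > 0,
  };
}

// Save-time: an empty (or missing) submitted password means "leave the stored
// one alone"; any non-empty string replaces it. Non-secret fields are copied
// from the form as usual. The stored object is not mutated.
function applyMailSettingsUpdate(stored, submitted) {
  const next = { ...stored };
  next.mailserver_url = submitted.mailserver_url;
  next.mailserver_login = submitted.mailserver_login;
  if (typeof submitted.mailserver_pass === "string" && submitted.mailserver_pass !== "") {
    next.mailserver_pass = submitted.mailserver_pass;
  }
  return next;
}

// Constructed sample of what a site's stored options might look like.
const storedOptions = {
  mailserver_url: "mail.example.com",
  mailserver_login: "login@example.com",
  mailserver_pass: "constructed-sample-password",
};

// Walk through one edit cycle: render, user changes only the login, submit.
function demoEditCycle() {
  const formValues = renderMailSettingsFields(storedOptions);
  const submitted = { ...formValues, mailserver_login: "other@example.com" };
  const updated = applyMailSettingsUpdate(storedOptions, submitted);
  return {
    passwordInForm: formValues.mailserver_pass,          // ""
    passwordKept: updated.mailserver_pass === storedOptions.mailserver_pass, // true
    loginChanged: updated.mailserver_login,              // "other@example.com"
  };
}

console.log(demoEditCycle());
```

One design consequence worth noting: under this scheme a blank submission can never clear a previously stored password, so a page that adopts it needs a separate explicit control (a "remove password" checkbox, say) if clearing is a supported operation.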

#2 @duck_
15 years ago

Related: #5529, #11813

#3 in reply to: ↑ 1 @nacin
15 years ago

Replying to westi:

> This does nothing to actually hide the passwords.
>
> The fields are much more user friendly as plain text for entering.
>
> We could consider not displaying the email server password and returning a blank string and just letting people change it but the others are fine as they are.

Agreed on all accounts. The mail server one is a good compromise.

#4 in reply to: ↑ 1 @nh2
15 years ago

Replying to westi:

> This does nothing to actually hide the passwords.

Of course, it displays bullets instead of the plain text passwords.

I don't know if this applies to you, but I am barely alone in the room when I set up WordPress sites. Sometimes there is even video surveillance.

Just yesterday, I was inadvertently shown the MySQL password of a friend's database server because of this usability feature.

> We could consider not displaying the email server password and returning a blank string and just letting people change it but the others are fine as they are.

Well, a very security-enhancing "compromise" if the potential villain watching your screen whilst standing behind you already knows the database password.

> The fields are much more user friendly as plain text for entering.

What about doing it like most desktop software does it? Hide the characters by default and have a "show password" checkbox next to the input. This would provide both security and usability.
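The "masked by default, with a show-password checkbox" pattern suggested above, as an added example that is not part of the ticket or of WordPress. It assumes the usual markup of an `<input type="password">` next to an `<input type="checkbox">` inside a form; the element names and the small fake-element helper used to run it outside a browser are constructed for this illustration.

```javascript
// Added example, not WordPress code: a show/hide toggle for a password field.
// In a browser, pass the real elements from document.getElementById(...).

// Switch one field between masked (type="password") and visible (type="text").
// Returns the type now in effect so callers and tests can check it.
function setPasswordVisible(input, visible) {
  input.type = visible ? "text" : "password";
  return input.type;
}

// Wire a checkbox to an input: the field follows the checkbox state, starts
// masked unless the box is already checked, and is re-masked when the form is
// submitted so the clear text does not linger on screen after the user is done.
function bindShowPasswordToggle(input, checkbox, form) {
  setPasswordVisible(input, checkbox.checked);
  checkbox.addEventListener("change", () => setPasswordVisible(input, checkbox.checked));
  if (form) {
    form.addEventListener("submit", () => {
      checkbox.checked = false;
      setPasswordVisible(input, false);
    });
  }
}

// Constructed stand-in for DOM elements so the example runs under Node:
// it records listeners and lets the demo fire events by name.
function makeFakeElement(props) {
  const listeners = {};
  return {
    ...props,
    addEventListener(evt, fn) {
      (listeners[evt] = listeners[evt] || []).push(fn);
    },
    dispatch(evt) {
      (listeners[evt] || []).forEach((fn) => fn());
    },
  };
}

// Walk through the states a user would see: masked on load, visible after
// ticking the box, masked again once the form is submitted.
function demoToggleStates() {
  const input = makeFakeElement({ type: "password", value: "" });
  const box = makeFakeElement({ checked: false });
  const form = makeFakeElement({});
  bindShowPasswordToggle(input, box, form);

  const states = [input.type];
  box.checked = true;
  box.dispatch("change");
  states.push(input.type);
  form.dispatch("submit");
  states.push(input.type);
  states.push(box.checked ? "checked" : "unchecked");
  return states; // ["password", "text", "password", "unchecked"]
}

console.log(demoToggleStates());
```

The toggle only changes how the browser paints the field; the value itself is unchanged, so this addresses shoulder-surfing and screen capture, not anything about how the password is stored or transmitted.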

#5 @westi
14 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

This is a balance between usability and security.

Usability wins here.
