Opened 3 years ago
Closed 3 years ago
#15369 closed defect (bug) (wontfix)
Worpress exposes clear text passwords in the UI
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | lowest | |
| Severity: | trivial | Version: | |
| Component: | Security | Keywords: | passwords |
| Focuses: | Cc: |
Description
Wordpress shows clear text passwords in at least the following:
- The options page: mailserver password
- The setup assistant: database password (!)
- Maybe in wp-admin/network/site-users.php (search for "user_password") - I don't really know where to find that page being rendered
- The metaboxes include.
See the attached patches against the current SVN trunk.
Attachments (3)
Change History (8)
comment:1
follow-ups:
↓ 3
↓ 4
westi
— 3 years ago
- Priority changed from normal to lowest
- Severity changed from major to trivial
comment:3
in reply to:
↑ 1
nacin
— 3 years ago
Replying to westi:
This does nothing to actually hide the passwords.
The fields are much more user friendly as plain text for entering.
We could consider not displaying the email server password and returning a blank string and just letting people change it but the others are fine as they are.
Agreed on all accounts. The mail server one is a good compromise.
comment:4
in reply to:
↑ 1
nh2
— 3 years ago
Replying to westi:
This does nothing to actually hide the passwords.
Of course, it displays bullets instead of the plain text passwords.
I don't know if this applies to you, but I am barely alone in the room when I set up Wordpress sites. Sometimes there is even video surveillance.
Just yesterday, I was inadvertently shown the MySQL password of a friend's database server because of this usability feature.
We could consider not displaying the email server password and returning a blank string and just letting people change it but the others are fine as they are.
Well, a very security-enhancing "compromise" if the potential villain watching your screen whilst standing behind you already knows the database password.
The fields are much more user friendly as plain text for entering.
What about doing it like most desktop software does it? Hide the characters by default and have a "show password" checkbox next to the input. This would provide both security and usability.
This does nothing to actually hide the passwords.
The fields are much more user friendly as plain text for entering.
We could consider not displaying the email server password and returning a blank string and just letting people change it but the others are fine as they are.