#16845: Admin should hide password hash field by default
-------------------------------------+-------------------------------------
Reporter: PaulM                      | Owner: nobody
Type: Cleanup/optimization           | Status: new
Milestone: 1.4                       | Component: contrib.auth
Version: 1.3                         | Severity: Normal
Keywords:                            | Triage Stage: Unreviewed
Has patch: 0                         | Needs documentation: 0
Needs tests: 0                       | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX: 0
-------------------------------------+-------------------------------------
Django's admin allows administrators to view all fields on the User model,
including the password hash. While this does not directly reveal the
password, it is sensitive information and most administrators do not need
to directly view or set it.

Allowing admins to view this information means that an attacker who
compromises an admin account (via cookie theft or other means) has direct
access to the password hashes for all users, facilitating offline cracking
attacks. If we hide this information by default in the admin, it is much
harder for an attacker to gather this information, and it means that the
damage is limited to just the compromised Django site, rather than every
other site where users re-used those passwords.

We already hide sensitive information in tracebacks, and so we should hide
this information as well.
--
Ticket URL: <https://code.djangoproject.com/ticket/16845>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
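One way to realise the mitigation the ticket asks for is to show administrators a masked summary of the stored hash rather than the raw string. The code below is an example added by the editor; it is not code from the ticket or from Django itself. It assumes stored passwords use Django's `<algorithm>$<iterations>$<salt>$<hash>` layout and that unusable passwords start with `!`; the function names `mask_hash` and `summarize_password` and the sample hash are constructed for the example.

```python
"""
Render a stored password hash as a masked summary for an admin UI
instead of exposing the full hash string.

Editor-added example, not code from the ticket or from Django.
Assumptions: stored passwords follow the "<algorithm>$<iterations>$<salt>$<hash>"
layout, unusable passwords start with "!", and the helper names are ours.
"""
from __future__ import annotations

UNUSABLE_PASSWORD_PREFIX = "!"


def mask_hash(value: str, show: int = 6, char: str = "*") -> str:
    """Keep the first `show` characters and replace the rest with `char`.

    Enough survives to notice that a hash changed (for example after a
    password reset) without handing an admin the full digest.
    """
    if len(value) <= show:
        return char * len(value)  # never reveal a whole short value
    return value[:show] + char * (len(value) - show)


def summarize_password(encoded: str) -> dict[str, str]:
    """Return only the fields an administrator legitimately needs to see.

    Algorithm and iteration count are shown in full because they are the
    operationally useful parts (e.g. finding users still on a legacy
    hasher); salt and digest are masked.
    """
    if not encoded or encoded.startswith(UNUSABLE_PASSWORD_PREFIX):
        return {"status": "No password set (unusable password)"}
    parts = encoded.split("$")
    if len(parts) != 4:
        # Unknown layout: reveal nothing about its contents.
        return {"status": "Invalid or unrecognised password format"}
    algorithm, iterations, salt, digest = parts
    return {
        "algorithm": algorithm,
        "iterations": iterations,
        "salt": mask_hash(salt, show=2),
        "hash": mask_hash(digest, show=6),
    }


# Constructed sample value for the example (not a real user's hash).
SAMPLE_HASH = "pbkdf2_sha256$260000$k3Lp9xQ2vTzA$Zc7Hj1Y2XqW8eR4tU6vP0sN9bM3dF5gK7hJ1lA2oC4E="

if __name__ == "__main__":
    for key, value in summarize_password(SAMPLE_HASH).items():
        print(f"{key}: {value}")
    print(summarize_password("!no-password"))
    print(summarize_password("not$a$valid$format$at$all"))
```

In a real admin integration the summary would replace the password field's widget on the user change form, while the ability to set a new password stays behind a separate, explicit action; the raw hash then never reaches the browser of an admin session.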