[wp-trac] [WordPress Trac] #15369: Worpress exposes clear text passwords in the UI
WordPress Trac
wp-trac at lists.automattic.com
Wed Nov 10 04:14:07 UTC 2010
#15369: Worpress exposes clear text passwords in the UI
--------------------------+-------------------------------------------------
Reporter: nh2 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: major | Keywords: passwords
--------------------------+-------------------------------------------------
Wordpress shows clear text passwords in at least the following:
- The options page: mailserver password
- The setup assistant: database password (!)
- Maybe in wp-admin/network/site-users.php (search for "user_password") -
I don't really know where to find that page being rendered
- The metaboxes include.
See the attached patches against the current SVN trunk.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15369>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list