I know how it feels for someone to come into your issue queue and open a critical task, but this is security-related so I feel there is no other way to categorize it.
Using AES passwords is definitely a use-case that this module should support but enabling that feature should be a conscious decision by the administrator. Anyone who has access to the database and the AES key (which is in the database by default!) will be able to decrypt any user's password. Again, this can be a useful feature for certain use-cases but in other cases this can be considered a security infringement.
Therefore this feature should be disabled.
Attached patch does so.
| Comment | File | Size | Author |
|---|---|---|---|
| | aes-user-passwords.patch | 419 bytes | tstoeckler |
Comments
Comment #1
ParisLiakos commented:
this is a serious WTF
showing plain text passwords is a no-no-no-NO
Comment #2
digitalRoots commented:
I can not believe this is still here. I am glad at least there is an option to disable it, but why is it enabled by default? Passwords should be hashed (one way) not encrypted (two way)!
Comment #3
ergophobe commented:
By the way, you disable this under
Config > System > AES Settings, "Create AES Passwords"
admin/config/system/aes
Comment #4
dpovshed commented:
Thank you @tstoeckler, your patch was useful but not sufficient. Just removing the default value was not enough - sometimes code later assumed the option is ON when the setting is not set.
I had slightly extended your logic - explicitly set the default to 'false', as well as set to 'false' all defaults in variable lookup.
Committed to dev.
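The failure mode described in comment #4, as an added PHP example that is not part of this thread or the module's code: a lookup site that still passes the old default treats an unset setting as ON, and a small scan finds such sites. The setting name `example_reversible_passwords` and the `store_reversible()` call in the sample are hypothetical, and `variable_get()` here is a stand-in that mirrors Drupal 7's function so the file runs on its own.

```php
<?php
// Added illustration, not code from the AES module. The setting name
// 'example_reversible_passwords' is hypothetical.

// Stand-in for Drupal 7's variable_get($name, $default) so this runs alone.
$GLOBALS['conf'] = array();  // constructed state: the setting was never saved
if (!function_exists('variable_get')) {
  function variable_get($name, $default = NULL) {
    return isset($GLOBALS['conf'][$name]) ? $GLOBALS['conf'][$name] : $default;
  }
}

// Settings form: with the default gone, the checkbox renders as off.
function form_checkbox_state() {
  return (bool) variable_get('example_reversible_passwords', FALSE);
}

// A later call site that still passes the old default: unset means ON.
function save_path_fails_open() {
  return (bool) variable_get('example_reversible_passwords', TRUE);
}

// Review aid: line numbers of lookups whose default enables the feature.
function find_fail_open_lookups($source, $name) {
  $pattern = '/variable_get\(\s*[\'"]' . preg_quote($name, '/')
    . '[\'"]\s*(?:,\s*([^)]*?)\s*)?\)/';
  $hits = array();
  foreach (explode("\n", $source) as $i => $line) {
    if (!preg_match($pattern, $line, $m)) {
      continue;
    }
    // No second argument means NULL, which is falsy and fails closed.
    $default = isset($m[1]) ? strtoupper($m[1]) : 'NULL';
    if (!in_array($default, array('FALSE', '0', 'NULL'), TRUE)) {
      $hits[] = $i + 1;
    }
  }
  return $hits;
}

// Constructed sample source with three lookups of the same setting.
$sample = <<<'EOT'
$form['on']['#default_value'] = variable_get('example_reversible_passwords', FALSE);
if (variable_get('example_reversible_passwords', TRUE)) { store_reversible($pw); }
if (variable_get('example_reversible_passwords')) { store_reversible($pw); }
EOT;

var_dump(form_checkbox_state(), save_path_fails_open());
print_r(find_fail_open_lookups($sample, 'example_reversible_passwords'));
```

The form and the save path disagree about the same unset setting, which is why every lookup default has to change together with the form default.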
Comment #5
dpovshed commented