Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I think that this feature should be at least disabled by default because it's a bad policy even for administrators to view user passwords.
Wanted to point out that some people re-use passwords and having a third party viewing their password could compromise their other accounts.
Comments
Comment #1
EvanDonovan CreditAttribution: EvanDonovan commentedI would agree with this. I'll put into the next release.
Comment #2
dpovshed CreditAttribution: dpovshed commentedFixed in #1968496: Don't enable AES password by default .