I know how it feels for someone to come into your issue queue and open a critical task, but this is security-related so I feel there is no other way to categorize it.

Using AES passwords is definitely a use-case that this module should support but enabling that feature should be a conscious decision by the administrator. Anyone who has access to the database and the AES key (which is in the database by default!) will be able to decrypt any user's password. Again, this can be a useful feature for certain use-cases but in other cases this can be considered a security infringement.

Therefore this feature should be disabled.

Attached patch does so.

Files: 
CommentFileSizeAuthor
aes-user-passwords.patch419 byteststoeckler

Comments

Status:Needs review» Reviewed & tested by the community

this is a serious WTF
showing plain text passwords is a no-no-no-NO

I can not believe this is still here. I am glad at least there is an option to disable it, but why is it enabled by default? Passwords should be hashed (one way) not encrypted (two way)!

By the way, you disable this under
Config > System > AES Settings, "Create AES Passwords"
admin/config/system/aes

Thank you @tstoeckler, your patch was useful but not sufficient. Just removing default value was not enough - sometimes code later assumed option is ON when setting is not set.

I had slightly extended you logic - explicitly set default to 'false', as well as set to 'false' all defaults in variable lookup.

Committed to dev.

Issue summary:View changes
Status:Reviewed & tested by the community» Fixed

Status:Fixed» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

  • Commit 30a3dee on 7.x-1.x, 8.x-2.x by dpovshed: Issue #1968496 by tstoeckler, denikin: Don't enable AES password by...