BIG Security Issue – in my view
If you happen to leave your computer unattended whilst you’re logged in as an admin and someone sneaks onto your computer and types in the following…
They can see your unencrypted password!
How is this a security issue?
The reality is many people use the same password for other websites… it’s one thing for someone to be able to sneak into your WordPress and CHANGE your password to a new one even if they don’t know what your current one is… BUT it is another thing entirely for that sneaky person to be able to easily see your current password!
SURELY this is bad, very bad. There should be NO reason for my password to be visible and unencrypted even when I’m logged in.
By all means let me change my password but don’t make it visible for crying out!
I’m sorry but saying “choose a unique password” doesn’t cut it… the fact is many many many bloggers will be using the same password for their online banking.
That’s a known issue and, frankly, not a technical security issue, but a social engineering one. Seriously. The same ‘flaw’ exists in FTP, shell access and phpMyAdmin. If I’m logged into my server and walk away, a malicious person could sit down and screw me over.
That’s why no one EVER uses my computer as me if I’m not there. Period. I walk away for 2 minutes, I lock it. I choose a good password for my computer, and I have it set to auto lock if I don’t use it for a little while.
Security cannot protect you from a boneheaded maneuver.
I’ve just tested this here and I don’t see my password anywhere on that page.
Your password for your WordPress blog is hashed and not stored in the clear.
What is the name of the option you are seeing on your blog which contains your password in the clear?
“Security cannot protect you from a boneheaded maneuver.”
There is simply no need for this password to be unencrypted… it’s not an issue of being able to take over your blog, it’s the fact that your password is all there to see.
WordPress needs to at least justify why it’s there unencrypted. Otherwise make it bold and in large text and on the front page of the admin area to make sure everyone knows how vulnerable they are… don’t pretend that the asterisks on the profile page are hiding a thing when we type in our password!
I don’t think WordPress has to justify anything or explain anything at all since that’s not a WordPress code issue.
However you might want to check with this gentleman, since it looks like you installed this plugin:
Many of the external sites that are accessible via WordPress plugins (Google Analytics, Twitter, etc.) won’t take a transmitted hash as a password, so for those systems the password ends up stored in the clear. Other APIs will send back an authentication token for later authentication so that a clear text password would not need to be stored.
PS. Ipstenu is right; leaving an unlocked system in an untrusted environment is a boneheaded maneuver.
Thanks for that… I didn’t know that it was a plugin problem… how can a plugin so easily get and display my password in any case?
At the end of the day I really don’t like that my password can be so easily displayed so I’ll take it up with the plugin developer
“PS. Ipstenu is right; leaving an unlocked system in an untrusted environment is a boneheaded maneuver.”
I never said he was wrong… but the truth be known… we’re all boneheads at one time or another and it’d be good to be safe when we are 😉
She, but that’s beside the point.
The thing is… If someone walked up to my unlocked computer, they could seriously jack my WP install. Why? I have a copy on my desktop which gives my SQL password, which means they could log into the SQL DB and screw around. Also, like most people, I save passwords, so the FTP app would let them f that up too.
But knowing that my computer is a security ‘hole’, I take the necessary precautions. The laptop NEVER has a password saved. The desktop, well, it does, but it auto-locks after 5 minutes, and I’m religious about locking it when I walk away, even for a moment.
I have this argument with my boss a lot. How do you ensure safety while preventing bonehead maneuvers. And you just … don’t. Constant Vigilance is the best anyone can do, but no one can prevent us from the ‘Oh … please don’t tell me I just deleted my database with that typo!’ moment. 🙂
Been there, done that, brought down v. important servers in the middle of the day.
I use this Google analytics tool on my dash, no clear-text password. http://wordpress.org/extend/plugins/google-analyticator/
OK… I think I’ve sussed it out…
It wasn’t my WordPress password it was displaying… it was my Google Analytics password it was displaying, which happens to be the same as my WordPress one. So this is not a WordPress issue at all… my misunderstanding.
Solution: use different passwords!
Just to follow this up. You have to ask the Google Analytics Dashboard plugin to actually save your password, and it defaults to not saving it. It has to be saved in plain text when you select that option because that is the only way Google will take it. You can purge this by telling the plugin to forget your login information and then logging back in and not selecting the save password feature.
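The two replies above describe the difference between a service that only accepts a password (forcing a plugin to store it in the clear in wp_options) and one that hands back a token the plugin can keep instead. The following is an added example of the token pattern in a WordPress plugin; it is not code from WordPress, from the Google Analytics Dashboard plugin, or from any Google API. The endpoint https://api.example.com/token, its JSON response shape, and every `myplugin_` name are assumptions made for the illustration.

```php
<?php
/*
 * Added example, not from the thread or any real plugin.
 * Exchange the user's third-party credentials for a token once, store only
 * the token, and never write the password to the database.
 * Assumed (hypothetical): POST https://api.example.com/token with
 * username/password returns JSON {"token": "..."}.
 */

define( 'MYPLUGIN_TOKEN_ENDPOINT', 'https://api.example.com/token' ); // hypothetical
define( 'MYPLUGIN_TOKEN_OPTION', 'myplugin_api_token' );             // invented option name

/**
 * Exchange username/password for an API token and persist only the token.
 * The password is used for this single request and never stored.
 * Returns true on success or a WP_Error.
 */
function myplugin_connect( $username, $password ) {
    $response = wp_remote_post( MYPLUGIN_TOKEN_ENDPOINT, array(
        'timeout' => 15,
        'body'    => array(
            'username' => $username,
            'password' => $password,
        ),
    ) );

    if ( is_wp_error( $response ) ) {
        return $response;
    }
    if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return new WP_Error( 'myplugin_auth', 'Authentication failed.' );
    }

    $data = json_decode( wp_remote_retrieve_body( $response ), true );
    if ( empty( $data['token'] ) || ! is_string( $data['token'] ) ) {
        return new WP_Error( 'myplugin_token', 'No token in response.' );
    }

    // autoload=false: no need to pull the secret into memory on every page load.
    update_option( MYPLUGIN_TOKEN_OPTION, $data['token'], false );
    return true;
}

/** The "forget login information" action from the thread: drop the stored credential. */
function myplugin_disconnect() {
    delete_option( MYPLUGIN_TOKEN_OPTION );
}

/** Later API calls use the stored token, never the password. */
function myplugin_api_get( $url ) {
    $token = get_option( MYPLUGIN_TOKEN_OPTION );
    if ( ! $token ) {
        return new WP_Error( 'myplugin_noauth', 'Not connected.' );
    }
    return wp_remote_get( $url, array(
        'headers' => array( 'Authorization' => 'Bearer ' . $token ),
    ) );
}

/**
 * Settings form handler. The password arrives in the POST, is used once by
 * myplugin_connect(), and is discarded. Nothing here saves it, and nothing
 * should ever echo it back into a form field's value attribute.
 */
function myplugin_handle_settings_post() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'myplugin_connect' );

    if ( isset( $_POST['myplugin_forget'] ) ) {
        myplugin_disconnect();
        return;
    }

    $username = sanitize_text_field( wp_unslash( $_POST['myplugin_user'] ?? '' ) );
    $password = (string) wp_unslash( $_POST['myplugin_pass'] ?? '' ); // opaque; not sanitized
    $result   = myplugin_connect( $username, $password );
    unset( $password );

    if ( is_wp_error( $result ) ) {
        add_settings_error( 'myplugin', 'connect', $result->get_error_message() );
    }
}
add_action( 'admin_post_myplugin_connect', 'myplugin_handle_settings_post' );
```

When the remote service genuinely will not issue a token and wants the password on every request, the plugin cannot avoid keeping it somewhere readable, which is the situation the thread ends up describing. The mitigations available then are the ones already mentioned: default to not saving it, give the user a one-click way to purge it, and never render the stored value into the settings form, since the browser's asterisks only hide it from people looking at the screen, not from view-source or the wp_options table.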