id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux
16845,Admin should hide password hash field by default,Paul McMillan,Paul McMillan,"Django's admin allows administrators to view all fields on the User model, including the password hash. While this does not directly reveal the password, it is sensitive information and most administrators do not need to directly view or set it. Allowing admins to view this information means that an attacker who compromises an admin account (via cookie theft or other means) has direct access to the password hashes for all users, facilitating offline cracking attacks. If we hide this information by default in the admin, it is much harder for an attacker to gather this information, and it means that the damage is limited to just the compromised Django site, rather than every other site where users re-used those passwords. We already hide sensitive information in tracebacks, and so we should hide this information as well.",Cleanup/optimization,closed,contrib.auth,1.3,Release blocker,fixed,,Donald Stufft,Accepted,1,0,0,0,0,0