id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
16845	Admin should hide password hash field by default	Paul McMillan	Paul McMillan	"Django's admin allows administrators to view all fields on the User model, including the password hash. While this does not directly reveal the password, it is sensitive information and most administrators do not need to directly view or set it. 

Allowing admins to view this information means that an attacker who compromises an admin account (via cookie theft or other means) has direct access to the password hashes for all users, facilitating offline cracking attacks. If we hide this information by default in the admin, it is much harder for an attacker to gather this information, and it means that the damage is limited to just the compromised Django site, rather than every other site where users re-used those passwords.

We already hide sensitive information in tracebacks, and so we should hide this information as well."	Cleanup/optimization	closed	contrib.auth	1.3	Release blocker	fixed		Donald Stufft	Accepted	1	0	0	0	0	0
