Opened 3 years ago

Closed 3 years ago

#32198 closed Uncategorized (invalid)

Passwords of users created in admin user interface possibly not hashed?

Reported by: jrdjango Owned by: nobody
Component: contrib.admin Version: 3.0
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


After I created a new user using, I see the plain password of the newly created user in the django admin user interface.

When I try to log this user in, user = authenticate(request,...) returns None.

When I create a superuser from the console and go to, I see in the admin user interface that the superuser's password is hashed.

When I log the superuser in, I don't have any problems.

(I'm new to django, so in case this is nonsense, I beg your pardon.)

Attachments (2)

password_not_hashed.png (65.2 KB) - added by jrdjango 3 years ago.
plain password displayed
password_hashed.png (31.8 KB) - added by jrdjango 3 years ago.
hashed password displayed

Download all attachments as: .zip

Change History (3)

Changed 3 years ago by jrdjango

Attachment: password_not_hashed.png added

plain password displayed

Changed 3 years ago by jrdjango

Attachment: password_hashed.png added

hashed password displayed

comment:1 Changed 3 years ago by Mariusz Felisiak

Component: Uncategorizedcontrib.admin
Resolution: invalid
Status: newclosed

There is an issue in your app not in Django itself. Please don't use Trac as a support channel. Closing per TicketClosingReasons/UseSupportChannels.

Note: See TracTickets for help on using tickets.
Back to Top