Open MrHappy opened 3 years ago
It can't be encoded in the database because it is used as is, not to verify a password...
Shouldn't it be obfuscated/hidden on the site nevertheless?
For the UI, effectively, it's better not to see it and not to send it, but in the database it's not possible to store a hash as is done for a user password.
That sounds like a good idea.
Yes. I agree that the password should not be visible (at all).
Today I asked a friend to enter his password while setting up an instance for him. He lost trust in the security of Paperless-ng at this moment. :-( Common users don't understand that.
This should be rather easy to accomplish. You can add a "Mail Account Form" that ignores the initial value for the password. Likely also want to add a help text saying "write only" or something. Then the form would never load the password from the DB, but still let you set it.
I would also recommend encryption at rest using a Fernet field.
https://docs.djangoproject.com/en/3.2/ref/contrib/admin/#django.contrib.admin.ModelAdmin.form
https://django-fernet-fields.readthedocs.io/en/latest/
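As an added example (not code from the Paperless-ng project or from anyone in this thread), here is the write-only pattern from the comment above sketched in plain Python without Django: the form's initial values omit the password, the rendered input carries no value, and a blank submission keeps the stored password rather than wiping it. Names such as MailAccount, WRITE_ONLY, render_form and apply_submission are assumed for illustration, and the record is an in-memory object standing in for the database row. It also shows why the earlier comments are right that the value cannot be hashed: the mailbox login needs the cleartext, so encryption at rest (the linked Fernet field) is the complement, not hashing.

```python
"""Write-only password field for a mail-account settings form.

Stand-alone sketch in plain Python (no Django).  The stored secret is
needed in cleartext to log in to the mailbox, so it cannot be hashed, but
it never has to travel back to the browser: the edit form is pre-filled
with the password blank, the rendered input carries no value, and an
empty submission means "keep the current password".
"""
from dataclasses import dataclass
from html import escape


# Hypothetical stand-in for the database row; not Paperless-ng's model.
@dataclass
class MailAccount:
    name: str
    imap_server: str
    username: str
    password: str  # stored as-is (or encrypted at rest), never hashed


FIELDS = ("name", "imap_server", "username", "password")
WRITE_ONLY = {"password"}  # never loaded into the form
HELP_TEXT = {"password": "write only; leave blank to keep the current password"}


def initial_values(account: MailAccount) -> dict:
    """Values the edit form is pre-filled with.

    Everything except write-only fields comes from the record, so the
    stored password is absent from the data handed to the template.
    """
    return {
        name: ("" if name in WRITE_ONLY else getattr(account, name))
        for name in FIELDS
    }


def render_form(account: MailAccount) -> str:
    """Minimal HTML rendering of the edit form.

    Write-only fields are emitted as <input type="password"> with no
    value attribute, so the secret never reaches the client, its page
    source, or its autofill store.
    """
    rows = []
    for name, value in initial_values(account).items():
        if name in WRITE_ONLY:
            rows.append(
                f'<label>{name}<input type="password" name="{name}" '
                f'autocomplete="new-password"></label>'
                f"<small>{escape(HELP_TEXT[name])}</small>"
            )
        else:
            rows.append(
                f'<label>{name}<input type="text" name="{name}" '
                f'value="{escape(str(value), quote=True)}"></label>'
            )
    return '<form method="post">' + "".join(rows) + "</form>"


def apply_submission(account: MailAccount, submitted: dict) -> MailAccount:
    """Apply a submitted edit form to the record.

    A blank write-only field means "unchanged"; anything else replaces the
    stored value.  Without this rule every unrelated edit would silently
    wipe the password, because the form never carried the old one.
    Keys outside FIELDS are ignored rather than written to the record.
    """
    for name in FIELDS:
        if name not in submitted:
            continue
        value = submitted[name]
        if name in WRITE_ONLY and value == "":
            continue
        setattr(account, name, value)
    return account


if __name__ == "__main__":
    # Constructed sample data for the demo.
    acct = MailAccount("work", "imap.example.org", "bob", "hunter2")
    assert "hunter2" not in render_form(acct)
    # Editing only the server keeps the password.
    apply_submission(acct, {"name": "work", "imap_server": "mail.example.org",
                            "username": "bob", "password": ""})
    assert acct.password == "hunter2"
    # Supplying a new value replaces it.
    apply_submission(acct, {"password": "correct horse"})
    print(acct)
```

The `autocomplete="new-password"` hint stops browsers from offering saved credentials for the field, and the help text is what the comment above suggested so users know a blank field is intentional.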
You can add a "Mail Account Form" that ignores the initial value for the password.
Thanks for the hint but I'm afraid I don't have the knowledge to modify/add such a form.
On the docker image I tried to change the logo/logo colour to see which session I'm logged in to; I could not manage :-) Maybe I could if I knew the exact location to place a modified file into Paperless-ng...
Describe the bug: The password of the account used to access the mailbox is visible in plaintext in the web interface (and therefore also in the database).
To Reproduce Steps to reproduce the behavior:
Expected behavior: A hidden/obscured representation (all asterisks or something), and also stored as a hash in the database.
Screenshots I do not think so ;)
Webserver logs
Relevant information: docker-compose.yml, docker-compose.env or paperless.conf.