I think that this feature should be at least disabled by default because it's a bad policy even for administrators to view user passwords.
Wanted to point out that some people re-use passwords and having a third party viewing their password could compromise their other accounts.


EvanDonovan’s picture

Title: Have aes_convert default to false » Have aes_convert default to false - 7.x-1.6 blocker

I would agree with this. I'll put into the next release.

dpovshed’s picture

Issue summary: View changes
Status: Active » Closed (duplicate)