Stored (plaintext) password if not volto

To test an addon, I clicked by mistake on 'add volto site' from the UI.
A classical site was made, but I noticed that the password is stored in plain text (?)

No clue what you did there. Though, this is the JSON representation of a regular Volto Slate Block.

Volto does not store any password at all. It uses the Plone backend for storing passwords and they are not stored as plain text.

It's just the default homepage: plone.volto/ at 05ac1cbe94d63d93b982a5ad91ea8e1afe48e689 · plone/plone.volto · GitHub

Generally, if you suspect a security issue, please email the security team at so we can verify and fix privately!

@espenmn That's the content of the front page:


Got it
So the default page contains the text: admin / admin (which just happened to be my password since I just installed 'default'

1 Like