To test an addon, I clicked by mistake on 'add volto site' from the UI.
A classical site was made, but I noticed that the password is stored in plain text (?)
No clue what you did there. Though, this is the JSON representation of a regular Volto Slate Block.
Volto does not store any password at all. It uses the Plone backend for storing passwords and they are not stored as plain text.
It's just the default homepage: plone.volto/default.py at 05ac1cbe94d63d93b982a5ad91ea8e1afe48e689 · plone/plone.volto · GitHub
Generally, if you suspect a security issue, please email the security team at security@plone.org so we can verify and fix privately!
Got it
So the default page contains the text: admin / admin (which just happened to be my password since I just installed 'default'
1 Like