diff --git a/core/modules/user/src/UserViewsData.php b/core/modules/user/src/UserViewsData.php
index 955ab5967bc153cde414b93f9c0f05a912f1605f..ae5d681094b2ede91b53be61f31b9d6b47b98b5b 100644
--- a/core/modules/user/src/UserViewsData.php
+++ b/core/modules/user/src/UserViewsData.php
@@ -249,6 +249,10 @@ public function getViewsData() {
],
];
+ // Unset the "pass" field because the access control handler for the user
+ // entity type allows editing the password, but not viewing it.
+ unset($data['users_field_data']['pass']);
+
return $data;
}
diff --git a/core/modules/user/tests/src/Kernel/Views/UserViewsDataTest.php b/core/modules/user/tests/src/Kernel/Views/UserViewsDataTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..656772535ed8e1383f5b5701565f31d81513a0e0
--- /dev/null
+++ b/core/modules/user/tests/src/Kernel/Views/UserViewsDataTest.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace Drupal\Tests\user\Kernel\Views;
+
+use Drupal\KernelTests\KernelTestBase;
+
+/**
+ * Contains tests related to the views data for the user entity type.
+ *
+ * @group user
+ *
+ * @see \Drupal\user\UserViewsData
+ */
+class UserViewsDataTest extends KernelTestBase {
+
+ /**
+ * The views data service.
+ *
+ * @var \Drupal\views\ViewsData
+ */
+ protected $viewsData;
+
+ /**
+ * The entity field manager.
+ *
+ * @var \Drupal\Core\Entity\EntityFieldManagerInterface
+ */
+ protected $entityFieldManager;
+
+ /**
+ * {@inheritdoc}
+ */
+ protected static $modules = [
+ 'system',
+ 'user',
+ 'views',
+ ];
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function setUp() {
+ parent::setUp();
+ $this->viewsData = $this->container->get('views.views_data');
+ $this->entityFieldManager = $this->container->get('entity_field.manager');
+ }
+
+ /**
+ * Tests if user views data object doesn't contain pass field.
+ */
+ public function testUserPasswordFieldNotAvailableToViews() {
+ $field_definitions = $this->entityFieldManager->getBaseFieldDefinitions('user');
+ $this->assertArrayHasKey('pass', $field_definitions);
+ $this->assertArrayNotHasKey('pass', $this->viewsData->get('users_field_data'));
+ }
+
+}