Loading...

XML

Word

Printable

Type: Suggestion
Resolution: Unresolved
Component/s: None
Labels:
Environment:
Confluence 5.1.3 and Confluence 4.3.7 + Jira 5.2.7 on Linux (CentOS 5) with MySQL 5.1.34 or PostgreSQL 8.4.17

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

Passwords for configured mail accounts are stored in clear text in the database as can be seen e.g. by:

SELECT * FROM BANDANA WHERE BANDANAKEY = 'atlassian.confluence.space.mailaccounts';

Even when being an admin I should NOT be able to read-out other users email account password!

This problem exists for Confluence AND Jira as well.

is related to

CONFSERVER-29534 Passwords of configured SMTP mail accounts are stored in cleartext

Under Consideration

Assignee:: Unassigned

Reporter:: Rainer Pöhlmann

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 05/Jun/2013 6:39 AM

Updated:: 28/Aug/2020 7:38 PM