Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-29534

Passwords of configured SMTP mail accounts are stored in cleartext

XMLWordPrintable

    • 1
    • 1
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for Confluence Data Center. Using Confluence Cloud? See the corresponding suggestion.

      Atlassian Update - 8 February 2024

      Hi everyone,

      This is Kathleen from the Confluence team. Thank you for your interest in this suggestion. We understand that this functionality is important to many of you. 

      We are considering this feature for the Confluence roadmap and hope to start development when our current projects are completed.

      To learn more about our recent investments in Confluence Data Center, please check our public roadmap and our dashboards containing recently resolved issues, and current work and future plans.

      Kind regards,
      Confluence Data Center

      Passwords for configured mail accounts are stored in clear text in the database as can be seen e.g. by:

      SELECT * FROM BANDANA WHERE BANDANAKEY = 'atlassian.confluence.space.mailaccounts';

      Even when being an admin I should NOT be able to read-out other users email account password!

      This problem exists for Confluence AND Jira as well.

       

              Unassigned Unassigned
              54986ff9eb67 Rainer Pöhlmann
              Votes:
              7 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated: