[CONFSERVER-29534] Passwords of configured SMTP mail accounts are stored in cleartext

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: None
Labels:
Environment:
Confluence 5.1.3 and Confluence 4.3.7 + Jira 5.2.7 on Linux (CentOS 5) with MySQL 5.1.34 or PostgreSQL 8.4.17

UIS:
1
Support reference count:
1
Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

NOTE: This suggestion is for Confluence Data Center. Using Confluence Cloud? See the corresponding suggestion.

Atlassian Update - 8 February 2024

Hi everyone,

This is Kathleen from the Confluence team. Thank you for your interest in this suggestion. We understand that this functionality is important to many of you.

We are considering this feature for the Confluence roadmap and hope to start development when our current projects are completed.

To learn more about our recent investments in Confluence Data Center, please check our public roadmap and our dashboards containing recently resolved issues, and current work and future plans.

Kind regards,
Confluence Data Center

Passwords for configured mail accounts are stored in clear text in the database as can be seen e.g. by:

SELECT * FROM BANDANA WHERE BANDANAKEY = 'atlassian.confluence.space.mailaccounts';

Even when being an admin I should NOT be able to read-out other users email account password!

This problem exists for Confluence AND Jira as well.

is related to

CONFSERVER-2146 Encrypt all passwords stored on the file system

Closed

relates to

CONFCLOUD-29534 Passwords of configured SMTP mail accounts are stored in cleartext

Gathering Interest

mentioned in: Page Failed to load; Page Failed to load

Form Name

Kathleen Xu added a comment - 08/Feb/2024 3:19 AM - edited

Atlassian Update - 8 February 2024

Hi everyone,

This is Kathleen from the Confluence team. Thank you for your interest in this suggestion. We understand that this functionality is important to many of you.

We are considering this feature for the Confluence roadmap and hope to start development when our current projects are completed.

To learn more about our recent investments in Confluence Data Center, please check our public roadmap and our dashboards containing recently resolved issues, and current work and future plans.

Kind regards,
Confluence Data Center

Kathleen Xu added a comment - 08/Feb/2024 3:19 AM - edited Atlassian Update - 8 February 2024 Hi everyone, This is Kathleen from the Confluence team. Thank you for your interest in this suggestion. We understand that this functionality is important to many of you. We are considering this feature for the Confluence roadmap and hope to start development when our current projects are completed. To learn more about our recent investments in Confluence Data Center, please check our public roadmap and our dashboards containing recently resolved issues , and current work and future plans . Kind regards, Confluence Data Center

Assignee:: Unassigned

Reporter:: Rainer Pöhlmann

Votes:: 7 Vote for this issue

Watchers:: 14 Start watching this issue

Created:: 05/Jun/2013 6:39 AM

Updated:: 06/Dec/2024 8:23 PM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Kathleen Xu added a comment - 08/Feb/2024 3:19 AM, Edited by Kathleen Xu - 08/Feb/2024 3:21 AM

Expand comment: Kathleen Xu added a comment - 08/Feb/2024 3:19 AM, Edited by Kathleen Xu - 08/Feb/2024 3:21 AM

People

Dates