CWD-1876

Encrypt all external system passwords in Crowd's database

      Atlassian Update - 20 October 2020

      Hello everyone,

      We’re happy to inform you that we’ve released Crowd 4.2, which encrypts all passwords to external systems that are stored in Crowd’s database. These are:

      • Passwords that allow Crowd to connect to an LDAP / AD directory
      • Remote Crowd directory application passwords
      • Azure AD web application keys
      • SMTP mail passwords
      • Proxy passwords

      We’d like to emphasize that the encryption of application.password stored in the crowd.properties file, which is used by clients connecting to Crowd, is not in the scope of this ticket. This suggestion is tracked in another ticket: CWD-5649.

      Best regards,

      Crowd team

      Anywhere that a password is stored in plaintext in Crowd's database, it should be encrypted. This will not stop a knowledgeable attacker, but may slow them down.

      Reporter: David O'Flynn [Atlassian]