
Encrypt all external system passwords in Crowd's database


      Atlassian Update - 20 October 2020

      Hello everyone,

      We’re happy to inform you that we’ve released Crowd 4.2 (https://confluence.atlassian.com/crowd/crowd-4-2-release-notes-1019381976.html), which encrypts all passwords to external systems that are stored in Crowd’s database. These are:

      • Passwords that allow Crowd to connect to an LDAP / AD directory
      • Remote Crowd directory application passwords
      • Azure AD web application keys
      • SMTP mail passwords
      • Proxy passwords

      We’d like to emphasize that the encryption of application.password stored in the crowd.properties file, which is used by clients connecting to Crowd, is not in the scope of this ticket. This suggestion is tracked in another ticket: CWD-5649 (https://jira.atlassian.com/browse/CWD-5649).

      Best regards,

      Crowd team

      Anywhere that a password is stored in plaintext in Crowd's database, it should be encrypted. This will not stop a knowledgeable attacker, but may slow them down.


            Michal Samujlo made changes -
            Remote Link Original: This issue links to "Page (Confluence)" [ 504003 ]
            Daniel Serkowski made changes -
            Remote Link Original: This issue links to "Page (Confluence)" [ 506897 ]
            Esteban Casuscelli made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 630281 ]
            Esteban Casuscelli made changes -
            Remote Link Original: This issue links to "Page (Confluence)" [ 630249 ]
            Esteban Casuscelli made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 630249 ]
            Jakub Reczycki made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 563357 ]
            Andriy Yakovlev [Atlassian] made changes -
            Link New: This issue relates to JRASERVER-72470 [ JRASERVER-72470 ]
            Dawid Owoc (Inactive) made changes -
            Resolution New: Done [ 17 ]
            Status Original: In Progress [ 3 ] New: Closed [ 6 ]
            Dawid Owoc (Inactive) made changes -
            Fix Version/s New: 4.2.0 [ 92192 ]

              Unassigned
              doflynn David O'Flynn [Atlassian]
              Votes: 53
              Watchers: 51
