Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-1876

Encrypt all external system passwords in Crowd's database

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      Atlassian Update - 20 October 2020

      Hello everyone,

      We’re happy to inform you that we’ve released Crowd 4.2 which encrypts all passwords to external systems that are stored in the Crowd’s database. These are:

      • Passwords that allows Crowd to connect to LDAP / AD directory
      • Remote Crowd directory application passwords
      • Azure AD web application keys
      • SMTP mail passwords
      • Proxy passwords

      We’d like to emphasize that the encryption of application.password stored in crowd.properties file which is used by clients connecting to Crowd is not in the scope of this ticket. This suggestion is tracked in another ticket: CWD-5649.

      Best regards,

      Crowd team

      Anywhere that a password is stored in plaintext in Crowd's database, it should be encrypted. This will not stop a knowledgeable attacker, but may slow them down.

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-38609 Crowd User Directory application password stored in plain text

          • Low - Low priority issues
          • Closed
          incorporates

          Suggestion - CWD-1434 Don't store the SMTP Server password in clear text

          • Closed
          is duplicated by

          Suggestion - CWD-2200 LDAP directory user DN password

          • Closed

          Suggestion - CWD-2838 crowd.properties password entry in plain text

          • Closed

          Suggestion - CWD-3841 Mail Server Password Should be Encrypted in The Database

          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. BSERV-4819 Stash uses plain text passwords in the database for the Crowd User Directory

          • High - High priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-72470 Jira stalls due to contention on CachedEncryptor.decrypt

          • High - High priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-45612 Active Directory/LDAP credentials stored in database in cleartext

          • Medium - Medium priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-31605 LDAP and Active Directory credentials are stored in plain text in database

          • Low - Low priority issues
          • Closed

          Suggestion - CONFCLOUD-31605 LDAP credentials are stored in plain text in database

          • Closed

          LEM-359 Loading...

          is cloned by

          KRAK-3519 Loading...

          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              doflynn David O'Flynn [Atlassian]
              Votes:
              53 Vote for this issue
              Watchers:
              51 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: