[CWD-2679] Crowd + Apache Directory Server connector submitting changed passwords in plaintext

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 2.4.2
Affects Version/s: 2.3.1, 2.3.2
Component/s: None
Labels:
None
Environment:

Using Crowd and a Apache Directory server

Bug Fix Policy:
View Atlassian Server bug fix policy

Setting up Crowd and a Apache directory server, if you try to modify the password from a user and save it, Crowd stores it in Apache as plaintext.

See the screenshot with a test case.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

plainText.jpg
62 kB
04/Oct/2011 8:59 PM

Monique Khairuliana (Inactive) made changes - 15/Aug/2019 7:06 AM

Workflow	Original: Simplified Crowd Development Workflow v2 - restricted [ 1509518 ]	New: JAC Bug Workflow v3 [ 3365566 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 07/Jul/2016 6:18 AM

Workflow

Original: Simplified Crowd Development Workflow v2 [ 1391594 ]

New: Simplified Crowd Development Workflow v2 - restricted [ 1509518 ]

Owen made changes - 12/May/2016 2:51 AM

Workflow

Original: Crowd Development Workflow v2 [ 348297 ]

New: Simplified Crowd Development Workflow v2 [ 1391594 ]

joe made changes - 01/May/2012 1:40 AM

Fix Version/s		New: 2.4.2 [ 25495 ]
Fix Version/s	Original: 2.4.1 [ 22991 ]

joe made changes - 09/Feb/2012 11:08 PM

Resolution		New: Fixed [ 1 ]
Status	Original: Technical Review [ 10028 ]	New: Resolved [ 5 ]

joe made changes - 20/Jan/2012 5:39 AM

Status

Original: In Progress [ 3 ]

New: Technical Review [ 10028 ]

joe made changes - 20/Jan/2012 5:30 AM

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

joe added a comment - 20/Jan/2012 3:35 AM

The ApacheDS example sells them short - they also support SSHA, which is better and also our default for OpenLDAP. I'll switch ApacheDS to the same behaviour as OpenLDAP (let encoding be set in the UI, make SSHA the default, use a factory).

joe added a comment - 20/Jan/2012 3:35 AM The ApacheDS example sells them short - they also support SSHA, which is better and also our default for OpenLDAP. I'll switch ApacheDS to the same behaviour as OpenLDAP (let encoding be set in the UI, make SSHA the default, use a factory).

Justin Koke added a comment - 20/Jan/2012 2:25 AM - edited

We should be using the encryption algorithm specified for the directory, as used by the OpenLDAP implementation.

Justin Koke added a comment - 20/Jan/2012 2:25 AM - edited We should be using the encryption algorithm specified for the directory, as used by the OpenLDAP implementation.

joe made changes - 20/Jan/2012 2:19 AM

Fix Version/s		New: 2.4.1 [ 22991 ]
Assignee		New: joe [ jwalton ]

Assignee:: joe

Reporter:: Rodrigo Girardi Adami

Affected customers:: 1 This affects my team

Watchers:: 1 Start watching this issue

Created:: 04/Oct/2011 8:59 PM

Updated:: 15/Aug/2019 7:06 AM

Resolved:: 09/Feb/2012 11:08 PM

Details

Description

Attachments

Attachments

Forms

Activity

Collapse comment: joe added a comment - 20/Jan/2012 3:35 AM

Expand comment: joe added a comment - 20/Jan/2012 3:35 AM

Collapse comment: Justin Koke added a comment - 20/Jan/2012 2:25 AM, Edited by Justin Koke - 20/Jan/2012 2:41 AM

Expand comment: Justin Koke added a comment - 20/Jan/2012 2:25 AM, Edited by Justin Koke - 20/Jan/2012 2:41 AM

People

Dates