[CWD-2679] Crowd + Apache Directory Server connector submitting changed passwords in plaintext

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 2.4.2
Affects Version/s: 2.3.1, 2.3.2
Component/s: None
Labels:
None
Environment:

Using Crowd and a Apache Directory server

Bug Fix Policy:
View Atlassian Server bug fix policy

Setting up Crowd and a Apache directory server, if you try to modify the password from a user and save it, Crowd stores it in Apache as plaintext.

See the screenshot with a test case.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

plainText.jpg
62 kB
04/Oct/2011 8:59 PM

Form Name

joe added a comment - 20/Jan/2012 3:35 AM

The ApacheDS example sells them short - they also support SSHA, which is better and also our default for OpenLDAP. I'll switch ApacheDS to the same behaviour as OpenLDAP (let encoding be set in the UI, make SSHA the default, use a factory).

joe added a comment - 20/Jan/2012 3:35 AM The ApacheDS example sells them short - they also support SSHA, which is better and also our default for OpenLDAP. I'll switch ApacheDS to the same behaviour as OpenLDAP (let encoding be set in the UI, make SSHA the default, use a factory).

Justin Koke added a comment - 20/Jan/2012 2:25 AM - edited

We should be using the encryption algorithm specified for the directory, as used by the OpenLDAP implementation.

Justin Koke added a comment - 20/Jan/2012 2:25 AM - edited We should be using the encryption algorithm specified for the directory, as used by the OpenLDAP implementation.

joe added a comment - 20/Jan/2012 2:18 AM

From Apache DS - Passwords stored one-way encrypted, ApacheDS supports setting the password as a SHA-1 hash.

We can switch to using that when the password is set to prevent storing plaintext in the directory

joe added a comment - 20/Jan/2012 2:18 AM From Apache DS - Passwords stored one-way encrypted , ApacheDS supports setting the password as a SHA-1 hash. We can switch to using that when the password is set to prevent storing plaintext in the directory

Assignee:: joe

Reporter:: Rodrigo Girardi Adami

Affected customers:: 1 This affects my team

Watchers:: 1 Start watching this issue

Created:: 04/Oct/2011 8:59 PM

Updated:: 15/Aug/2019 7:06 AM

Resolved:: 09/Feb/2012 11:08 PM

Details

Description

Attachments

Attachments

Forms

Activity

Collapse comment: joe added a comment - 20/Jan/2012 3:35 AM

Expand comment: joe added a comment - 20/Jan/2012 3:35 AM

Collapse comment: Justin Koke added a comment - 20/Jan/2012 2:25 AM, Edited by Justin Koke - 20/Jan/2012 2:41 AM

Expand comment: Justin Koke added a comment - 20/Jan/2012 2:25 AM, Edited by Justin Koke - 20/Jan/2012 2:41 AM

Collapse comment: joe added a comment - 20/Jan/2012 2:18 AM

Expand comment: joe added a comment - 20/Jan/2012 2:18 AM

People

Dates