Details
Suggestion
Resolution: Unresolved
Description
Use of the plaintext password encoder introduces a security risk in the case of system compromise – one of the hashed, salted schemes (such as the default ATLASSIAN-SECURITY) should be used in any production environment.
However, although it's not the default, having it present as an option creates the risk that it will be used: it would be safer to remove it entirely.