Loading...

XML

Word

Printable

Type: Bug
Resolution: Tracked Elsewhere
Priority: Low
Fix Version/s: None
Affects Version/s: 6.2.6
Component/s: User Management - Others
Labels:

Introduced in Version:
6.02
Support reference count:
2
Symptom Severity:
Severity 3 - Minor
UIS:
1
Bug Fix Policy:
View Atlassian Server bug fix policy

Table: cwd_directory_attribute
Column: attribute_value

How to Verify (in my environment):
Connect to JIRA database using psql and run query:

select attribute_value from cwd_directory_attribute where attribute_name = 'application.password'

Note how the returned value is the plain text value of the password you entered when defining the user directory in JIRA

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

jira-stores-user-directory-app-passwords-in-plaintext-as-well.png
48 kB
04/Jun/2014 3:37 PM
screenshot-of-blurred-password-from-keepassx.png
39 kB
04/Jun/2014 3:37 PM

is blocked by

CWD-1876 Encrypt all external system passwords in Crowd's database

Closed

is duplicated by

JRASERVER-45612 Active Directory/LDAP credentials stored in database in cleartext

Closed

is related to

BSERV-4819 Stash uses plain text passwords in the database for the Crowd User Directory

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(5 mentioned in)

Assignee:: Unassigned

Reporter:: William Crighton [CCC]

Votes:: 1 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 04/Jun/2014 3:37 PM

Updated:: 31/Mar/2022 2:32 PM

Resolved:: 16/Oct/2020 7:32 AM