Community resources
Community resources
Community resources
Clear text password in dbconfig.xml
Hi,
Fairly new to the application so I'll try to give as much detail as possible.
recently started a new job and I've been tasked with looking at an "Jira application is passing authentication requests to Domain Controllers in clear-text" issue. Once the below issue is fixed, i may have to ask you guys about that too, but first...
We want to try and replicate the issue in a test environment. I followed https://confluence.atlassian.com/adminjiraserver073/configuring-an-ssl-connection-to-active-directory-861253201.html and all was going OK until i released that the evaluation licence had expired in the test environment. After getting a new licence, I then ran into the problem of not knowing the admin username and password (the previous admin has left the business).
I managed to hack the account by following
However the issue now is that I get a 500 error when entering the u/n p/w and licence key.
I also get the below (that is just the start, over 100 more lines) (can only post 20000 characters)
com.atlassian.crowd.exception.runtime.OperationFailedException at com.atlassian.crowd.embedded.core.CrowdServiceImpl.convertOperationFailedException(CrowdServiceImpl.java:676) [embedded-crowd-core-2.10.5-j11.jar:?] at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:76) [embedded-crowd-core-2.10.5-j11.jar:?] at com.atlassian.jira.web.action.admin.ConfirmNewInstallationWithOldLicense.getCrowdUser(ConfirmNewInstallationWithOldLicense.java:236) [classes/:?] at com.atlassian.jira.web.action.admin.ConfirmNewInstallationWithOldLicense.doValidation(ConfirmNewInstallationWithOldLicense.java:205) [classes/:?] at webwork.action.ActionSupport.validate(ActionSupport.java:391) [webwork-1.4-atlassian-30.jar:?] at webwork.action.ActionSupport.execute(ActionSupport.java:162) [webwork-1.4-atlassian-30.jar:?] at com.atlassian.jira.action.JiraActionSupport.execute(JiraActionSupport.java:63) [jira-api-8.2.0.jar:?] at webwork.interceptor.DefaultInterceptorChain.proceed(DefaultInterceptorChain.java:39) [webwork-1.4-atlassian-30.jar:?]
Any one have any ideas? I have tried reinstalling java core but no such luck,
Thanks
-------------------------------------------------------------------------
Update: Jira service desk have resolved the issue by manually asking me to run the following:
update productlicense set license ='AAABhw0ODAoPeNp9kUtPwzAQhO/+FZa4wKFREl5qJUugxIeipq2aAhcuS7otRokTrZ1C+PU4D1ARhZtX9s58Mz5Ja80TaHgQ8uBqculPLgIexWse+sGY7QhRv5RVheTNVIbaoNwoq0ot5HwtV8vVNJVsXhfPSIvtvUEyIvB9FpXaQmbnUKBIaiKn/9jkG2TLmrIXMBiDRdFajPzLUThmg/i6qbBbihZJIlfR9Hb2dSXfK0VNt1frXBXK4ubLRyagclF0Rt5ba3RTAeXKKWnr7cq99fQHe1UEXkXlps6s1w4jU27tGxB6TkPtUViqsX/2d9gjlRyjdkTaogadHZKHfugPif+h+d3nYDSNxWwap3I+CgOnFF4zdxaH8z+qqQWySGILuUG2oB1oZaCLt/wuC6jhKdLe+RkWEXb3Pz4rOGd5T/Pg6Nrt8EcnTgSpImWGOmM0Gamq87lzQDwdgPhpa4R0xl1C3mV9mvCoLAqkTEHOh9B9pr9+6Fj3hziHe3IPed0n7kv4BHQqCsIwLQIVAIWVaSX55vWEzHDy6KHZFNolBo7BAhRpNZjN6v/Pczqn0RSF0Mj1ng+w0g==X02j3' WHERE id= '10000';
Upon rebooting the server Jira is now upto date in our test environment.
Thankyou for that.
Now the issue with cleartext passwords.
I have come across the following and have also logged it withe service desk:
https://jira.atlassian.com/browse/JRASERVER-37356
is this correct? seems like a serious security flaw.
