Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,296,446
Community Members
 
Community Events
165
Community Groups

Clear text passwords stored in cwd_directory_attribute - embedded Crowd and Standalone

Hi all

I just notiecd that Crowd (embedded version as well as standalone) stores passwords for directories and applications in clear text (table cwd_directory_attribute / ldap.password & application.password). I believe that is a big security issue so I wonder if there is a workaround available or if this is just a matter of configuration?

Thanks

Peter

1 answer

1 vote
joe Atlassian Team Jul 23, 2012

There is an open Crowd issue for this - CWD-1876. However, if the password in the database is encrypted, this still leaves the problem of how to store the master key securely.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Jira Service Management

Jira Service Management Documentation Opportunities

Hello everyone, Hope everyone is safe! A few months ago we posted an article sharing all the new articles and documentation that we, the AMER Jira Service Management team created. As mentioned ...

320 views 0 10
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you