Actually, they are not.
Even for internal accounts, the passwords are not stored. If the server/DC is hooked up to an external user directory, they may be stored there (if it's a primitive one that doesn't do security properly)
Jira's internal user directory ("embedded crowd") stores only password hashes, not passwords.
Only one password might be found in a server/DC system files or database - if the database is configured with basic authentication, then the database user and password will be stored as plain text in <jira home>/dbconfig.xml
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.