Clear text password in dbconfig.xml

IST Business Systems
May 22, 2019

Hi,

Fairly new to the application so I'll try to give as much detail as possible.

Recently started a new job and I've been tasked with looking at a "Jira application is passing authentication requests to Domain Controllers in clear-text" issue. Once the below issue is fixed, I may have to ask you guys about that too, but first...

We want to try and replicate the issue in a test environment. I followed https://confluence.atlassian.com/adminjiraserver073/configuring-an-ssl-connection-to-active-directory-861253201.html and all was going OK until I realised that the evaluation licence had expired in the test environment. After getting a new licence, I then ran into the problem of not knowing the admin username and password (the previous admin has left the business).

I managed to hack the account by following 

https://confluence.atlassian.com/jira/retrieving-the-jira-administrator-192836.html?_ga=2.35965280.1360432237.1558411575-169152948.1558298832

However the issue now is that I get a 500 error when entering the u/n p/w and licence key.

I also get the below (that is just the start, over 100 more lines) (can only post 20000 characters)

com.atlassian.crowd.exception.runtime.OperationFailedException
	at com.atlassian.crowd.embedded.core.CrowdServiceImpl.convertOperationFailedException(CrowdServiceImpl.java:676) [embedded-crowd-core-2.10.5-j11.jar:?]
	at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:76) [embedded-crowd-core-2.10.5-j11.jar:?]
	at com.atlassian.jira.web.action.admin.ConfirmNewInstallationWithOldLicense.getCrowdUser(ConfirmNewInstallationWithOldLicense.java:236) [classes/:?]
	at com.atlassian.jira.web.action.admin.ConfirmNewInstallationWithOldLicense.doValidation(ConfirmNewInstallationWithOldLicense.java:205) [classes/:?]
	at webwork.action.ActionSupport.validate(ActionSupport.java:391) [webwork-1.4-atlassian-30.jar:?]
	at webwork.action.ActionSupport.execute(ActionSupport.java:162) [webwork-1.4-atlassian-30.jar:?]
	at com.atlassian.jira.action.JiraActionSupport.execute(JiraActionSupport.java:63) [jira-api-8.2.0.jar:?]
	at webwork.interceptor.DefaultInterceptorChain.proceed(DefaultInterceptorChain.java:39) [webwork-1.4-atlassian-30.jar:?]
	

Anyone have any ideas? I have tried reinstalling Java core but no such luck.

Thanks

-------------------------------------------------------------------------

Update: Jira service desk have resolved the issue by manually asking me to run the following:

update productlicense set license ='AAABhw0ODAoPeNp9kUtPwzAQhO/+FZa4wKFREl5qJUugxIeipq2aAhcuS7otRokTrZ1C+PU4D1ARhZtX9s58Mz5Ja80TaHgQ8uBqculPLgIexWse+sGY7QhRv5RVheTNVIbaoNwoq0ot5HwtV8vVNJVsXhfPSIvtvUEyIvB9FpXaQmbnUKBIaiKn/9jkG2TLmrIXMBiDRdFajPzLUThmg/i6qbBbihZJIlfR9Hb2dSXfK0VNt1frXBXK4ubLRyagclF0Rt5ba3RTAeXKKWnr7cq99fQHe1UEXkXlps6s1w4jU27tGxB6TkPtUViqsX/2d9gjlRyjdkTaogadHZKHfugPif+h+d3nYDSNxWwap3I+CgOnFF4zdxaH8z+qqQWySGILuUG2oB1oZaCLt/wuC6jhKdLe+RkWEXb3Pz4rOGd5T/Pg6Nrt8EcnTgSpImWGOmM0Gamq87lzQDwdgPhpa4R0xl1C3mV9mvCoLAqkTEHOh9B9pr9+6Fj3hziHe3IPed0n7kv4BHQqCsIwLQIVAIWVaSX55vWEzHDy6KHZFNolBo7BAhRpNZjN6v/Pczqn0RSF0Mj1ng+w0g==X02j3' WHERE id= '10000';

Upon rebooting the server, Jira is now up to date in our test environment.

Thank you for that.

Now the issue with cleartext passwords.

I have come across the following and have also logged it with the service desk:

https://jira.atlassian.com/browse/JRASERVER-37356

Is this correct? Seems like a serious security flaw.

 
