Julien R. created JENKINS-13706:
-----------------------------------
Summary: Config stored jabber credential in clear text
Key: JENKINS-13706
URL: https://issues.jenkins-ci.org/browse/JENKINS-13706
Project: Jenkins
Issue Type: Bug
Components: jabber
Affects Versions: current
Reporter: Julien R.
Assignee: kutzi
Priority: Minor
If you open hudson.plugins.jabber.im.transport.JabberPublisher.xml you will
notice that the jabber password is stored in cleartext :
{code:xml}
<hudson.plugins.jabber.im.transport.JabberPublisherDescriptor>
[...]
<hudsonPassword>Protext_the_innocent</hudsonPassword>
{code}
Other components (ldap bind password, svn) have a hash mechanism as far as I
can see, not sure if there is a common library to use but it would be a nice
addition.
Thank you !
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
