[JIRA] (JENKINS-13706) Jabber/IRCBot credentials stored in clear text
[ https://issues.jenkins-ci.org/browse/JENKINS-13706?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kutzi updated JENKINS-13706: Summary: Jabber/IRCBot credentials stored in clear text (was: Config stored jabber credential in clear text) Component/s: ircbot Jabber/IRCBot credentials stored in clear text -- Key: JENKINS-13706 URL: https://issues.jenkins-ci.org/browse/JENKINS-13706 Project: Jenkins Issue Type: Bug Components: ircbot, jabber Affects Versions: current Reporter: Julien R. Assignee: kutzi Priority: Minor Labels: jabber, password If you open hudson.plugins.jabber.im.transport.JabberPublisher.xml you will notice that the jabber password is stored in cleartext : {code:xml} hudson.plugins.jabber.im.transport.JabberPublisherDescriptor [...] hudsonPasswordProtext_the_innocent/hudsonPassword {code} Other components (ldap bind password, svn) have a hash mechanism as far as I can see, not sure if there is a common library to use but it would be a nice addition. Thank you ! -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-13706) Jabber/IRCBot credentials stored in clear text
[ https://issues.jenkins-ci.org/browse/JENKINS-13706?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=163454#comment-163454 ] SCM/JIRA link daemon commented on JENKINS-13706: Code changed in jenkins User: Christoph Kutzinski Path: pom.xml src/main/java/hudson/plugins/ircbot/IrcPublisher.java http://jenkins-ci.org/commit/ircbot-plugin/cbe23a16db65a2e857ff5f5404a37b61192ffbc2 Log: Save passwords scrambled [JENKINS-13706] Jabber/IRCBot credentials stored in clear text -- Key: JENKINS-13706 URL: https://issues.jenkins-ci.org/browse/JENKINS-13706 Project: Jenkins Issue Type: Bug Components: ircbot, jabber Affects Versions: current Reporter: Julien R. Assignee: kutzi Priority: Minor Labels: jabber, password If you open hudson.plugins.jabber.im.transport.JabberPublisher.xml you will notice that the jabber password is stored in cleartext : {code:xml} hudson.plugins.jabber.im.transport.JabberPublisherDescriptor [...] hudsonPasswordProtext_the_innocent/hudsonPassword {code} Other components (ldap bind password, svn) have a hash mechanism as far as I can see, not sure if there is a common library to use but it would be a nice addition. Thank you ! -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira