[JIRA] (JENKINS-13706) Config stored jabber credential in clear text

[email protected] (JIRA) Mon, 07 May 2012 23:35:28 -0700

Julien R. created JENKINS-13706:
-----------------------------------

             Summary: Config stored jabber credential in clear text
                 Key: JENKINS-13706
                 URL: https://issues.jenkins-ci.org/browse/JENKINS-13706
             Project: Jenkins
          Issue Type: Bug
          Components: jabber
    Affects Versions: current
            Reporter: Julien R.
            Assignee: kutzi
            Priority: Minor



If you open hudson.plugins.jabber.im.transport.JabberPublisher.xml you will 
notice that the jabber password is stored in cleartext :

{code:xml} 

  <hudson.plugins.jabber.im.transport.JabberPublisherDescriptor>
  [...]
        <hudsonPassword>Protext_the_innocent</hudsonPassword> 
{code} 


Other components (ldap bind password, svn) have a hash mechanism as far as I 
can see, not sure if there is a common library to use but it would be a nice 
addition.


Thank you !

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[JIRA] (JENKINS-13706) Config stored jabber credential in clear text

Reply via email to