Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-13706

Jabber/IRCBot credentials stored in clear text

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      If you open hudson.plugins.jabber.im.transport.JabberPublisher.xml you will notice that the jabber password is stored in cleartext :

       

  <hudson.plugins.jabber.im.transport.JabberPublisherDescriptor>
  [...]
 	<hudsonPassword>Protext_the_innocent</hudsonPassword>

      Other components (ldap bind password, svn) have a hash mechanism as far as I can see, not sure if there is a common library to use but it would be a nice addition.

      Thank you !

        Attachments

          Activity

          Descending order - Click to sort in ascending order
          Hide
          Permalink
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Christoph Kutzinski
          Path:
          pom.xml
          src/main/java/hudson/plugins/jabber/im/transport/JabberPublisherDescriptor.java
          http://jenkins-ci.org/commit/jabber-plugin/d1515ae837d00be74e97882e10dfcbd6077f1b83
          Log:
          Save password scrambled JENKINS-13706

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Christoph Kutzinski Path: pom.xml src/main/java/hudson/plugins/jabber/im/transport/JabberPublisherDescriptor.java http://jenkins-ci.org/commit/jabber-plugin/d1515ae837d00be74e97882e10dfcbd6077f1b83 Log: Save password scrambled JENKINS-13706
          Hide
          Permalink
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Christoph Kutzinski
          Path:
          pom.xml
          src/main/java/hudson/plugins/ircbot/IrcPublisher.java
          http://jenkins-ci.org/commit/ircbot-plugin/cbe23a16db65a2e857ff5f5404a37b61192ffbc2
          Log:
          Save passwords scrambled JENKINS-13706

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Christoph Kutzinski Path: pom.xml src/main/java/hudson/plugins/ircbot/IrcPublisher.java http://jenkins-ci.org/commit/ircbot-plugin/cbe23a16db65a2e857ff5f5404a37b61192ffbc2 Log: Save passwords scrambled JENKINS-13706

            People

            Assignee:
            kutzi kutzi
            Reporter:
            jnrg Julien R.
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: