In our corporate environment the policy for user account passwords is to change them every 3 months.
In one of our Maven projects we have the M2 release plugin configured so that the Maven release Subversion operations are performed in the context of the user by enabling the option "Specify SCM login/password".
This led to the issue that the command line tools of Subversion persisted the credentials in the file C:\Users\jenkins.HOSTNAME\AppData\Roaming\Subversion\auth\svn.simple.
When the Subversion plugin was doing the next update this operation was done with the new credentials. After the user had to change its password the Windows build node still had the old credentials stored and was performing every 5 minute Subversion check with the wrong password.
Unfortunately we also have a policy that locks an account after 5 failed attempts, locking the user's account after 25 minutes.
Maven release plugin already has the option --no-auth-cache added since Maven 2.1 (http://jira.codehaus.org/browse/MRELEASE-497) in order to suppress this behavior.
The question is, does the M2 Release Plugin (0.13.0) perform an SVN command line option as well or how could it happen that the credentials were persisted, as described above?