Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-23033

TFS Password visible in view source

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • tfs-plugin
    • Team Foundation Server Plugin v3.0.1

      The password that is entered in the job configuration when connecting to TFS is visible in the browsers "view source". This is a big issue for us because we need to use our domain users to connect to TFS and Jenkins is open to everyone in the company.
      The value in the password field when you enter configuration and the password was already set should be a placeholder that indicates the server that the password didn't change from the last time (something like "samepassword", but more complex, to avoid actual users from using that password).

          [JENKINS-23033] TFS Password visible in view source

          Roberto Powell created issue -
          SCM/JIRA link daemon made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          Olivier Dagenais made changes -
          Assignee Original: redsolo [ redsolo ] New: Olivier Dagenais [ oli_at_jsi ]
          Labels New: password security
          Olivier Dagenais made changes -
          Status Original: Resolved [ 5 ] New: Closed [ 6 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 155354 ] New: JNJira + In-Review [ 207710 ]

            oli_at_jsi Olivier Dagenais
            mompox Roberto Powell
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: