[JENKINS-8774] CIFS-Publisher prints password in cleartext in log and settings file

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: cifs-plugin
Labels:
None
Environment:
Hudson 1.395
CIFS-Publisher Plugin 1.1.12
Windows XP SP3 Host

Similar Issues:
Powered by SuggestiMate

Show
URL:
http://issues.hudson-ci.org/browse/HUDSON-8720

See HUDSON-8720 for the original issue before the move to Jenkins.

The password for the share appears in cleartext in hudson.out.log (I believe it happens when saving the system configuration) and in com.slide.hudson.plugins.CIFSPublisher.xml.

The password should never be stored/displayed or it should be stored encrypted or as a hash.

Alex Earl added a comment - 2011-02-16 04:53

Removed output of URL to the log or to stdout. Added a warning in the configuration to show that the password would be stored in plain text.

Alex Earl added a comment - 2011-02-16 04:53 Removed output of URL to the log or to stdout. Added a warning in the configuration to show that the password would be stored in plain text.

Darth Vader added a comment - 2011-03-23 19:29

Tested in 1.1.13. The password does not show in the log. There is a warning that the password is in cleartext in the help.

Darth Vader added a comment - 2011-03-23 19:29 Tested in 1.1.13. The password does not show in the log. There is a warning that the password is in cleartext in the help.

Assignee:: Alex Earl

Reporter:: Darth Vader

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 2011-02-11 22:55

Updated:: 2011-03-23 19:29

Resolved:: 2011-02-16 04:53

Jenkins

Details

Description

Attachments

Activity

Collapse comment: Alex Earl added a comment - 2011-02-16 04:53

Expand comment: Alex Earl added a comment - 2011-02-16 04:53

Collapse comment: Darth Vader added a comment - 2011-03-23 19:29

Expand comment: Darth Vader added a comment - 2011-03-23 19:29

People

Dates