Hi all
I just notiecd that Crowd (embedded version as well as standalone) stores passwords for directories and applications in clear text (table cwd_directory_attribute / ldap.password & application.password). I believe that is a big security issue so I wonder if there is a workaround available or if this is just a matter of configuration?
Thanks
Peter
There is an open Crowd issue for this - CWD-1876. However, if the password in the database is encrypted, this still leaves the problem of how to store the master key securely.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.