reminder mail for password sent in plain text

Bug #783392 reported by Laura Czajkowski
This bug affects 2 people
Affects: HR Recruitment - Taleo
Status: Invalid
Importance: Undecided
Assigned to: Neil Messenbird

Bug Description

Tried to log into the Taleo system and had forgotten my password. When you click on "forgot your password" and enter your email address, your password gets sent to you in plain text. Not really ideal.

Neil Messenbird (neil-messenbird) wrote :

This is not an area that we control as it is handled by Taleo. However, we are looking to replace the log-in with our own SSO and these will become obsolete.

Changed in hr-recruitment:
assignee: nobody → Neil Messenbird (neil-messenbird)
importance: Undecided → Medium
status: New → Won't Fix
Laura Czajkowski (czajkowski) wrote :

Neil, thanks for commenting. I think the bug should then either be marked Invalid, as the code isn't Canonical's, or "We can't fix", as "Won't Fix" is harsh. The bug is still an issue and also questions how passwords are stored in the system.

visibility: private → public
Henrik Nilsen Omma (henrik) wrote :

I agree that sending passwords in plain text email is not ideal, but as Neil says we have limited control over this. The application system is powered by a SaaS application called Taleo, and while we can adjust certain aspects of it through configuration we cannot change this part ourselves. We do however file issues with them and will do that now with this bug. FWIW, the default configuration of Taleo also tells you your password unprompted at the end of the initial application process in large, red, plain text right in your browser window. We were able to switch that off and have alerted Taleo to the problems that represents.

As admins on the recruiting site back-end we do not have access to passwords and cannot even reset them. We rely on Taleo to keep this information secure through the contract we have with them.

Laura Czajkowski (czajkowski) wrote :

Henrik, thanks, that's all I wanted to make sure was going to be done. The status of Won't Fix doesn't really convey that; even the status Invalid, with your above reason, makes a lot more sense to me.

Neil Messenbird (neil-messenbird) wrote :

A case has been filed with Taleo under reference 01223771.

Changed in hr-recruitment:
importance: Medium → Undecided
status: Won't Fix → Invalid
This report contains Public Security information  
Everyone can see this security related information.
