if you put a bad email address into the Crucible "forgot password" - you get a message informing you that the email does not exist - "Could not find user joe.blow@company.com". This is not security best practice as it lets the hacker know that the email is valid for use somewhere within the company network. Is this configurable to state "an email has been sent if we recognize the address" or similar?
Hi,
Thanks for your question. Since v4.0 FishEye/Crucible is no longer exposing the information on whether the email exists or not. See the following JIRA ticket for the reference: https://jira.atlassian.com/browse/FE-6191.
Best Regards,
Mikolaj Zyromski
FishEye/Crucible Team
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Online forums and learning are now in one easy-to-use experience.
By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.