Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Huge usability problem could lead to public display of passwod

Charlie Hayes
Charlie Hayes
Contributor
December 18, 2021

Steps to reproduce:

1. Open link to private jira in a browser without an existing jira session

2. Fill in email address to log in (but make a typo)

3. Enter password in the following screen that looks exactly identical to the "login screen" you're used to

 

Expected result:

Password is masked

 

Actual result:

Password is displayed in clear text

 

I tried to report this as a bug but Jira support website blocked me from doing so because I'm not an admin. Sad news: your best bug reports are going to come from people that aren't admins. Admins will likely filter out all the tickets they feel are not worth filing nor will they follow up for details.

Answer
Watch
Like Be the first to like this
472 views

1 answer

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 18, 2021

I am completely unable to replicate this - every password box on the Jira systems I can find does the *** thing, whatever I enter into the email address or user id fields.

Could you show us a screenshot, or even tell us the url so we can try it for ourselves?

Reply

Suggest an answer

Log in or Sign up to answer
Atlassian logo
Atlassian Account
TAGS
AUG Leaders

Atlassian Community Events

    See all events