Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Huge usability problem could lead to public display of passwod

Charlie Hayes
Charlie Hayes December 18, 2021

Steps to reproduce:

1. Open link to private jira in a browser without an existing jira session

2. Fill in email address to log in (but make a typo)

3. Enter password in the following screen that looks exactly identical to the "login screen" you're used to

 

Expected result:

Password is masked

 

Actual result:

Password is displayed in clear text

 

I tried to report this as a bug but Jira support website blocked me from doing so because I'm not an admin. Sad news: your best bug reports are going to come from people that aren't admins. Admins will likely filter out all the tickets they feel are not worth filing nor will they follow up for details.

Comment
Watch
Like Be the first to like this
324 views

1 comment

Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 18, 2021

I am completely unable to replicate this - every password box on the Jira systems I can find does the *** thing, whatever I enter into the email address or user id fields.

Could you show us a screenshot, or even tell us the url so we can try it for ourselves?

Like
Reply

Comment

Log in or Sign up to comment
Atlassian logo
Atlassian Account
TAGS
AUG Leaders

Atlassian Community Events

    See all events