Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Huge usability problem could lead to public display of passwod

Charlie Hayes
Contributor
December 18, 2021

Steps to reproduce:

1. Open link to private jira in a browser without an existing jira session

2. Fill in email address to log in (but make a typo)

3. Enter password in the following screen that looks exactly identical to the "login screen" you're used to

 

Expected result:

Password is masked

 

Actual result:

Password is displayed in clear text

 

I tried to report this as a bug but Jira support website blocked me from doing so because I'm not an admin. Sad news: your best bug reports are going to come from people that aren't admins. Admins will likely filter out all the tickets they feel are not worth filing nor will they follow up for details.

1 comment

Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 18, 2021

I am completely unable to replicate this - every password box on the Jira systems I can find does the *** thing, whatever I enter into the email address or user id fields.

Could you show us a screenshot, or even tell us the url so we can try it for ourselves?

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events