Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira is populating user names in login page

vivekrao_k
vivekrao_k May 17, 2021

HI Everyone,

 

We have recently upgraded our Jira from 7.12 to 8.13 and one of the security vulnerability needs to be fixed. please share your knowledge to resolve the same

 

when we place cursor on username field it is automatically showing username below. which needs to be prevented.

 

Thank you in advance.

snip attached for community.PNG 

Answer
Watch
Like Alex Medved _ConfiForms_ likes this
918 views

1 answer

2 votes
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 19, 2021

Hi @vivekrao_k ,

This looks like the browser is remembering previous values entered into the form, rather than something Jira is trying to autocomplete server-side. My suggestion would be to clear or disable the autofill feature in the browser. Here's an article describing how to do this for the most popular browsers on both Mac and Windows.

Cheers,
Daniel

View More Comments
vivekrao_k
vivekrao_k May 19, 2021

HI @Daniel Eads 

Thank you for the response, but for the previous versions of Jira(7.12) and confluence (6.12) , had seen this login population was disabled by editing of login.vm in confluence and login.jsp in Jira, if you have any idea regarding what value needs to be changed to solve this issue.. but in latest version Jira 8.13 and confluence 7.14 i am doing the same changes but it is not reflecting.

your suggestion would be appreciated.

Like
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 20, 2021

Hi @vivekrao_k ,

Browsers have not supported this consistently for a while. According to the Mozilla developer docs: 

Modern browsers implement integrated password management: when the user enters a username and password for a site, the browser offers to remember it for the user. When the user visits the site again, the browser autofills the login fields with the stored values.

Additionally, the browser enables the user to choose a master password that the browser will use to encrypt stored login details.

Even without a master password, in-browser password management is generally seen as a net gain for security. Since users do not have to remember passwords that the browser stores for them, they are able to choose stronger passwords than they would otherwise.

For this reason, many modern browsers do not support autocomplete="off" for login fields:

  • If a site sets autocomplete="off" for a <form>, and the form includes username and password input fields, then the browser still offers to remember this login, and if the user agrees, the browser will autofill those fields the next time the user visits the page.
  • If a site sets autocomplete="off" for username and password <input> fields, then the browser still offers to remember this login, and if the user agrees, the browser will autofill those fields the next time the user visits the page.

This is the behavior in Firefox (since version 38), Google Chrome (since 34), and Internet Explorer (since version 11).

Like
Reply

Suggest an answer

Log in or Sign up to answer
Atlassian logo
Atlassian Account
TAGS
AUG Leaders

Atlassian Community Events

    See all events