I was really badly surprise to see my password display in the URL when i click on Bitbucket from JIRA or Confluence.
https://bitbucket.org/my-atlassian-passord-in-clear/workspace/overview
that means my password is not encripted, can be found by a lot of people, is very vulnerable due to this bug and Atlassian expose it without taking the minimum of security mesure.
Can you share if you have the same vulnerability ?
Hi @Claude Cuttaia ,
Welcome to the community!
That is indeed very peculiar. Usually that part of the URL should be the name of the workspace you are in or your username, it should never be your actual password (unless they are identical).
So, if you can confirm that your password is being leaked here, I would suggest contacting Atlassian directly, you can report a vulnerability here: https://www.atlassian.com/trust/security/report-a-vulnerability
Best regards,
Oliver
Thanks you Oliver for your answer,
I confirm that it is my password in plain text and that it is different than my account name and user name, so I contacted support.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.