Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is the error message 'Could not find user' when using Forgot Password' configurable?

Al_Wickman
Al_Wickman September 14, 2016

if you put a bad email address into the Crucible "forgot password" - you get a message informing you that the email does not exist - "Could not find user joe.blow@company.com". This is not security best practice as it lets the hacker know that the email is valid for use somewhere within the company network. Is this configurable to state "an email has been sent if we recognize the address" or similar?

Answer
Watch
Like Be the first to like this
358 views

1 answer

1 accepted

2 votes
Answer accepted
Mikolaj Zyromski
Mikolaj Zyromski
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 14, 2016

Hi,

Thanks for your question. Since v4.0 FishEye/Crucible is no longer exposing the information on whether the email exists or not. See the following JIRA ticket for the reference: https://jira.atlassian.com/browse/FE-6191.

 

Best Regards,

Mikolaj Zyromski

FishEye/Crucible Team

View More Comments
Al_Wickman
Al_Wickman September 15, 2016

Thank you!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Fisheye
Fisheye/Crucible
TAGS
AUG Leaders

Atlassian Community Events

    See all events