Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,360,321
Community Members
 
Community Events
168
Community Groups

Is the error message 'Could not find user' when using Forgot Password' configurable?

if you put a bad email address into the Crucible "forgot password" - you get a message informing you that the email does not exist - "Could not find user joe.blow@company.com". This is not security best practice as it lets the hacker know that the email is valid for use somewhere within the company network. Is this configurable to state "an email has been sent if we recognize the address" or similar?

1 answer

1 accepted

2 votes
Answer accepted

Hi,

Thanks for your question. Since v4.0 FishEye/Crucible is no longer exposing the information on whether the email exists or not. See the following JIRA ticket for the reference: https://jira.atlassian.com/browse/FE-6191.

 

Best Regards,

Mikolaj Zyromski

FishEye/Crucible Team

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira

Online AMA this week: Your project management questions answered by Jira Design Lead James Rotanson

We know that great teams require amazing project management chops. It's no surprise that great teams who use Jira have strong project managers, effective workflows, and secrets that bring planning ...

192 views 1 6
Read article

Atlassian Community Events