if you put a bad email address into the Crucible "forgot password" - you get a message informing you that the email does not exist - "Could not find user firstname.lastname@example.org". This is not security best practice as it lets the hacker know that the email is valid for use somewhere within the company network. Is this configurable to state "an email has been sent if we recognize the address" or similar?
Thanks for your question. Since v4.0 FishEye/Crucible is no longer exposing the information on whether the email exists or not. See the following JIRA ticket for the reference: https://jira.atlassian.com/browse/FE-6191.
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
An efficient enterprise content management system, or ECM, is a must-have for companies that create work online (cough cough, all companies). If content calendars, marketing plans, and bu...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs