Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

JIRA Server Transmits Cleartext Credentials

Abhijit Kirdat
Abhijit Kirdat February 1, 2018

Hi, We have recently implemented JIRA Service desk and want to publish over internet for onsite teams. But during VAPT we come to know about below vulnerability and want to close before publishing JIRA over internet. Please help to close the same .

We have already configured SSL certificate for JIRA.

 

"Web Server Transmits Cleartext Credentials"

Answer
Watch
Like Be the first to like this
659 views

1 answer

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 1, 2018

Not sure what Virginia Association for Pupil Transportation has to do with this, but you'll need to explain more than just a random warning from whatever you're doing.

It looks like a security problem, but I'd suggest you need to explain how it was found and what the methodology was.

View More Comments
Abhijit Kirdat
Abhijit Kirdat February 1, 2018

We did nessus vulnerability scanning where we come to know about this vulnerability where JIRA web server is transmit credentials in cleartext from browser to webserver it should not be in cleartext. Please help in getting this address asap.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 1, 2018

What does the documentation say the vulnerability is?  And where in Jira does it happen?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
TAGS
AUG Leaders

Atlassian Community Events

    See all events