Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,362,536
Community Members
 
Community Events
168
Community Groups

Huge usability problem could lead to public display of passwod

Steps to reproduce:

1. Open link to private jira in a browser without an existing jira session

2. Fill in email address to log in (but make a typo)

3. Enter password in the following screen that looks exactly identical to the "login screen" you're used to

 

Expected result:

Password is masked

 

Actual result:

Password is displayed in clear text

 

I tried to report this as a bug but Jira support website blocked me from doing so because I'm not an admin. Sad news: your best bug reports are going to come from people that aren't admins. Admins will likely filter out all the tickets they feel are not worth filing nor will they follow up for details.

1 comment

I am completely unable to replicate this - every password box on the Jira systems I can find does the *** thing, whatever I enter into the email address or user id fields.

Could you show us a screenshot, or even tell us the url so we can try it for ourselves?

Comment

Log in or Sign up to comment