Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Two JIRA users constantly logged out and prompted for CAPTCHA.

Matt Winward
Matt Summers February 19, 2014

Hi all.

We have a single server hosting Crowd, Stash, FishEye, Bamboo and JIRA anc Crowd is providing active directory authentication for the other four products.

Since changing my domain password, I've found that my JIRA failed login count has gone through the roof. The security log even shows failed logins for times that I've not been in the office. Typically, I'll go to use JIRA and it'll prompt me for a CAPTCHA login, and I'll have to go through the following process before I can get in:

  1. Login with my real credentials and provide CAPTCHA (fails).
  2. Login in with bogus credentials and provide CAPTCHA (fails).
  3. Login in my real credentials, no CAPTCHA required (fails).
  4. Login with my real credentials and provide CAPTCHA (works).

This happens quite frequently, and it's only happening to two of us in the office since we changed our network passwords, and I can't work out why. I even tried setting the CAPTCHA failed login maximum to unlimited, but it still requests it.

Looking at the log files, I also found that when it does decide to randomly fail a login, it doesn't increase the login fail count by one, but by eight, as evidenced by these consecutive log entries:

anonymous /browse/(issue) The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 13

anonymous /login.jsp The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 14

anonymous /login.jsp The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 15

anonymous /captcha The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 16

anonymous /rest/helptips/1.0/tips The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 17

anonymous /rest/menu/latest/appswitcher The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 18

anonymous /rest/nav-links-analytics-data/1.0/ The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 19

anonymous /rest/api/2/attachment/meta The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 20

This means that my failed login count can reach the thousands, which is crazy.

I tried uninstalling the Atlassian connector from Visual Studio, in the hopes that this was causing the failed logins, but it's still happening. I'm very close to adding a trigger to the right table so that as soon as the failed login count goes up by one, it's immediately set back to zero! But I imagine I'd still be logged out - it's just that I wouldn't be faced with a CAPTCHA request each time.

Any ideas?

Answer
Watch
Like Giuseppe_Passino likes this
1762 views

1 answer

1 accepted

1 vote
Answer accepted
Matt Winward
Matt Summers February 23, 2014

So it turns out I'm an idiot. I still had my RSS reader running in my system tray using my old credentials!

View More Comments
Anson Hoyt
Anson Hoyt
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 16, 2014

Still seems like something is off. It makes sense that your RSS reader triggering JIRA to require a CAPTCHA. It doesn't make sense (to me) that step #1 didn't work. If you login with your credentials and provide a CAPTCHA, shouldn't it let you in?

Like
Matt Winward
Matt Summers April 21, 2014

Yeah that's the weird part. Once it requires CAPTCHA, I have to log in with the wrong username first, otherwise it just won't accept my credentials. I can't think why that would be, though. I can only imagine it's a bug either in the application or the database.

Like
Giuseppe_Passino
Giuseppe_Passino May 4, 2015

and this happens exactly the same way to me... the login doesn't work unless I do a workaround (I found reloading the captcha also works), And I also had an rss reader configured with the wrong password :)

Like
Stacey Sproul
Stacey Sproul January 30, 2020

Im running firefox 32 (no, I cant upgrade) it doesn't look like I can even set RSS feeds in it (?) 

Yet (via looking at the logs) jira seems to continuously try to log me in, even when I am not at work, until I get presented with a captcha fail. 

I am always unable to remedy the captcha fail and have to have the admin reset the account.

Thoughts, guidance, opinions?

Like
Venkat Pragallapati
Venkat Pragallapati July 13, 2020

@Stacey Sproul  - Same happening for me too. Were you able to fix it?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events