User is unintentionally logged in as other user

Administrator November 15, 2021

Hello all,

We are running a Jira server with crowd connection to a Windows AD.

I have received a report of some strange behavior, which unfortunately I can neither reproduce nor verify. 2 different employees have reported to me, independently and staggered in time, that they were suddenly logged in as a different user after logging in. It can be assumed that they saved their own login data in the browser and only pressed the "Login" button. The users they were then suddenly in Jira probably never logged in on the same machine.

Does anyone have any idea what this could be due to? What configurations could lead to such security-related behavior? Where would I be able to track this in the logs, if applicable?

Thank you very much.

8 answers

2 votes
Biplab Mohapatra
October 7, 2024

Hi Team,

Any update on this issue? We are facing a similar issue more often on our Jira DC 9.x. Let us know what can be the reason for this and whether this has any security concerns, as one user is doing things as another user. Let's take an example: one user created two tickets, but is not able to see those tickets. The reporter appears as the other user and he cannot do anything about this.

Help me on this ASAP. Things are getting worse day by day.

0 votes
Josh Singleton
December 10, 2024

Atlassian Team, we are now experiencing this issue as well. The silence from the company is pretty alarming. There are lots of security questions that we need answers for. Please advise.

0 votes
Catherine M
October 14, 2024

We are experiencing the same issue on our Jira DC 9.15.2.

Any fix would be appreciated.

0 votes
Francisco Aguilar
September 23, 2024

Are there any leads or updates on this issue? We also see this random behaviour on our Jira DC 9X.

0 votes
DEV OPS
September 10, 2024

Hello all,

I got this same problem in version 8.5.1 Jira Server. I would like to know if there is any way to fix it?

Best regards

0 votes
gardnera
May 25, 2023

This has also just affected me on our instance (Jira DataCenter 8.20.10) - working as normal and then suddenly I was a different user and the popup regarding my timezone being different from the one in my profile was alerting. We appear to have come under a DDoS attack on Monday but this was mitigated but not sure if this is an ongoing part of the attack or something different?

We are in no position to upgrade to 9.x as we haven't done any testing in UAT but are considering an upgrade to 8.20.22 if there are known security fixes that could relate to this

0 votes
Deniz Oğuz - Starware May 17, 2023

Hi,

Other than username and password, users can perform actions using authentication tokens. Please check the tokens and revoke the ones you don’t want.

0 votes
asasse May 17, 2023

Unfortunately I cannot provide a solution for this issue, but I can tell that yesterday we had a very similar issue on our site (Jira 8.20 DataCenter): one already logged-in userA suddenly appeared to be logged in as a different userB. From the logs (atlassian-jira.log and atlassian-jira-security.log) I can tell that both users were already logged in and working on different machines (different IP addresses were logged for the user actions). Then suddenly the logged actions for userB changed: the logged IP address was then the one of the other userA. There were no login/logout actions in that time period, and no destroyed user sessions were visible in the logfiles.

Any ideas about reasons or solutions would be very appreciated from me as well.

Thanks.
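
The log pattern described in the answer above (a user's logged actions moving to the IP address of another logged-in user, with no login or logout in between) can be searched for mechanically. The following is an added example, not part of any post and not Atlassian code; the `timestamp user ip event` line layout, the event names and the sample lines are constructed assumptions, so the regex has to be adapted to the fields your own log files actually contain.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified "timestamp user ip event" layout.
# Assumption: this is NOT the real atlassian-jira-security.log format.
SAMPLE_LOG = """\
2023-05-16 09:00:01 userA 10.0.0.11 LOGIN
2023-05-16 09:02:10 userB 10.0.0.22 LOGIN
2023-05-16 09:05:00 userA 10.0.0.11 ACTION
2023-05-16 09:05:30 userB 10.0.0.22 ACTION
2023-05-16 09:07:45 userB 10.0.0.11 ACTION
2023-05-16 09:08:02 userB 10.0.0.11 ACTION
2023-05-16 09:30:00 userC 10.0.0.33 LOGIN
2023-05-16 09:31:00 userC 10.0.0.33 LOGOUT
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (LOGIN|LOGOUT|ACTION)$")

def find_identity_switches(log_text):
    """Flag actions by a user from an IP that the user never logged in from
    and that currently belongs to a different user's login."""
    login_ips = defaultdict(set)   # user -> IPs that user has logged in from
    ip_owner = {}                  # ip -> user who last logged in from it
    seen, findings = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # skip lines that do not fit the layout
        ts, user, ip, event = m.groups()
        if event == "LOGIN":
            login_ips[user].add(ip)
            ip_owner[ip] = user
        elif event == "LOGOUT":
            login_ips[user].discard(ip)
            if ip_owner.get(ip) == user:
                del ip_owner[ip]
        else:
            owner = ip_owner.get(ip)
            suspicious = ip not in login_ips[user] and owner not in (None, user)
            if suspicious and (user, ip) not in seen:
                seen.add((user, ip))   # report each user/IP pair once
                findings.append({"time": ts, "logged_user": user,
                                 "ip": ip, "ip_owner": owner})
    return findings

if __name__ == "__main__":
    for f in find_identity_switches(SAMPLE_LOG):
        print(f)
```

Users behind a shared NAT or proxy address will also match, so a hit is a lead to correlate with session identifiers and request logs rather than proof of a session mix-up.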

Deployment type: Server
Version: 8.13.11