Why doesn't the Jira login page tell you when the password entered is incorrect?

Support
I'm New Here
January 3, 2019

We currently have Jira Server version 7.12.0 loaded and it is tied into our LDAP server. When users go to log in to the server and fat-finger their password, the login page just sits there with the spinning icon and doesn't do anything. When I look under the atlassian-jira-security.log, it is saying that the user tried to log in but they do not have USE permissions or weren't found.

We had the user reset their password in AD and everything worked great then. However, my question is: why doesn't the login splash page tell the user they entered their password wrong? Any thoughts/suggestions or tips on what I can do to resolve that would be greatly appreciated.

1 answer

0 votes
Nic Brough -Adaptavist-
Community Leader
January 3, 2019

Because that would give an attacker the ability to get a complete list of all your user IDs to make an attack on your system easier.

However, there is also something wrong with your Jira - when a user gets the login wrong, it should return them to the login page. You should work out why it's failing to do that - do you have add-ons that inject JavaScript or any hacks?

Support
January 4, 2019

No, we don't have any add-ons that inject any JavaScript or any hacks.

Nic Brough -Adaptavist-
January 4, 2019

Ok, you'll need to read the logs and check what the browser is doing as it fails to return bad logins to the login screen.
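The design point from the answer above, as an added example that is not part of the original thread and is not Jira's code: a login check that gives every failed attempt the same response and writes the real reason only to a server-side log. The user store, function names, and messages are constructed for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed sample user store (hypothetical, not Jira's data model).
USERS = {"alice": make_user("correct horse")}
# Dummy record so an unknown username costs the same hashing work as a real one.
DUMMY = make_user("placeholder")
GENERIC_ERROR = "Invalid username or password."

def login_leaky(username, password):
    """Distinct messages: the response reveals which user IDs exist."""
    user = USERS.get(username)
    if user is None:
        return False, "Unknown user"
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["hash"]):
        return False, "Wrong password"
    return True, "Welcome"

def login_uniform(username, password, audit_log):
    """One response for every failure; the reason goes to the audit log only."""
    user = USERS.get(username)
    record = user or DUMMY
    # Always hash and compare, even for unknown users, to keep timing similar.
    ok = hmac.compare_digest(hash_password(password, record["salt"]), record["hash"])
    if user is not None and ok:
        return True, "Welcome"
    reason = "unknown user" if user is None else "bad password"
    # repr() escapes control characters so the username cannot forge log lines.
    audit_log.append(f"login failed for {username!r}: {reason}")
    return False, GENERIC_ERROR

if __name__ == "__main__":
    log = []
    for name in ("alice", "bob"):
        print(name, "leaky:", login_leaky(name, "guess"),
              "uniform:", login_uniform(name, "guess", log))
    print(log)
```

The administrator can still tell the two failure cases apart from the log, which matches what the original poster saw in the security log while the login page stayed silent about the cause.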
