Good morning, how can I fix this vulnerability?
I tried the solution described in the following link but it does not work. In new versions it can be entered as JIRA application options?
Can you help me?
Autocomplete is not a "vulnerability". It is, in fact, the opposite nowadays.
In the past, you could argue that allowing a browser to fill in a password was a risk. But people have finally started to understand that if you force people to type a password every time, they
Both of those are massive security risks.
Nowadays, people use password safes so they can have unique and very complex (i.e. secure) passwords without writing them down. Most implementations of these use autocomplete to fill in passwords without exposing them to view at all.
So. Where ever you have seen the advice to disable autocomplete, it is wrong.
If you must do this because your security people don't know what they're doing, then the theory in the article is still the only way to do it - you need to unpack the gadgets jar, find the login template, hack it, and re-pack it.
But I would not do it. It also renders your system unsupported by the vendor, which is classed as a security risk in many places.
In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to have–in order to produce a reliable long-term roadmap. We're tur...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs