-
Type:
Suggestion
-
Resolution: Won't Fix
-
Component/s: Navigation - Login
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.
The brute force login protection in JIRA only activates when a real user account is accessed. This can be used by an attacker to harvest a list of valid logins on the system.
The brute force login protection should activate when either the login or the password is wrong.
- is related to
-
JRASERVER-21036 Brute force protection on JIRA 4.1 leaks valid account names
- Closed