Details
Description
Issue Summary
Login name of user is not logged in Audit logs on the failed login attempt
In the AuditLog event Web UI the authentication failed event shows the user as anonymous and there is no way to find out the user that tried to login.
previously with the Version 7.21 user name of user attempting to login is logged in audit logs with the the legacy attributes bitbucket.audit.attribute.legacy.target.
Example snippet below:
The user that tried login below is user.0
"name":"target","nameI18nKey":"bitbucket.audit.attribute.legacy.target","value":"user.0
Steps to Reproduce
- Have an instance with audit logging enabled with security coverage set to Advanced
- Try logging in with an incorrect password
- Navigate to the audit logs page, you will see the User login failed event in the list with user as Anonymous
- check the audit log by navigating to logs/audit folder
Affected Versions:
8.x
Expected Results
User details on the login failed event should be logged in the Audit logs. OR
There should be way to identify the username of the user trying to login as audit log web UI list the user as anonymous on failed login attempt
Actual Results
User details on login failed event does no appear in the Audit logs.
Workaround
No known workaround so far
Investigation Done:
Previously with the 7.21 the username of the user is logged in audit logs however it seems like, legacy attributes were removed from audit log events starting 8.0.
Attachments
Issue Links
- mentioned in
-
Page Loading...