Bitbucket Data Center / BSERV-9904

AuthenticationFailureEvent is logged when using a clone string containing only the username


      Summary

      An AuthenticationFailureEvent is logged in the audit log when a clone is performed with a clone string that contains only the username.

      Steps to Reproduce

      1. Perform a clone using HTTP as the protocol.
        1. Make sure that the clone URL contains the username and no password (e.g. git clone http://<username>@<bitbucket_url>:<bitbucket_port>/scm/<project_key>/<repository_slug>.git)

      Expected Results

      No AuthenticationFailureEvent is logged.

      Actual Results

      The following line is logged in the atlassian-bitbucket-audit.log file:

      <source_ip> | AuthenticationFailureEvent | <username> | 1499322505203 | <username> | {"authentication-method":"basic","error":"Invalid username or password."} | <session_id> | -
      

      Workaround

      Use one of the following options for cloning:

      1. Use SSH as the protocol.
      2. Provide the password in the clone string when using HTTP (e.g. git clone http://<username>:<password>@<bitbucket_url>:<bitbucket_port>/scm/<project_key>/<repository_slug>.git)
      3. Don't provide the username when performing the clone; the user interface will prompt for it (e.g. git clone http://<bitbucket_url>:<bitbucket_port>/scm/<project_key>/<repository_slug>.git)
      4. Update the audit log level to NONE. This will disable the audit logging feature entirely.
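
To gauge how many of these entries each client and user produces before picking a workaround, the audit line shown under Actual Results can be parsed and tallied. This is an added example, not part of the original issue or of Bitbucket itself; the field names are inferred from that single line, and the sample lines (addresses, users, session ids, `SomeOtherEvent`) are constructed.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample lines in the layout shown under "Actual Results".
# Field names used below are assumptions inferred from that one line.
SAMPLE_LOG = """\
192.0.2.5 | AuthenticationFailureEvent | alice | 1499322505203 | alice | {"authentication-method":"basic","error":"Invalid username or password."} | @S1x1 | -
192.0.2.5 | AuthenticationFailureEvent | alice | 1499322565203 | alice | {"authentication-method":"basic","error":"Invalid username or password."} | @S1x2 | -
198.51.100.9 | AuthenticationFailureEvent | bob | 1499322600000 | bob | {"authentication-method":"basic","error":"Invalid username or password."} | @S1x3 | -
198.51.100.9 | SomeOtherEvent | bob | 1499322601000 | bob | {} | @S1x4 | -
truncated line without enough fields
"""

def parse_line(line):
    """Parse one audit line into a dict, or return None if it is malformed."""
    # Split the five leading fields first, then the two trailing ones, so a
    # " | " inside the JSON details field cannot shift the columns.
    head = line.rstrip("\n").split(" | ", 5)
    if len(head) != 6:
        return None
    tail = head[5].rsplit(" | ", 2)
    if len(tail) != 3:
        return None
    try:
        details = json.loads(tail[0])
        # The fourth field is a Unix timestamp in milliseconds.
        when = datetime.fromtimestamp(int(head[3]) / 1000, tz=timezone.utc)
    except ValueError:
        return None
    return {"source_ip": head[0], "event": head[1], "user": head[2],
            "time": when, "details": details, "session": tail[1]}

def basic_auth_failures(text):
    """Count basic-auth AuthenticationFailureEvent lines per (source_ip, user)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["event"] != "AuthenticationFailureEvent":
            continue
        d = rec["details"]
        if isinstance(d, dict) and d.get("authentication-method") == "basic":
            counts[(rec["source_ip"], rec["user"])] += 1
    return counts

if __name__ == "__main__":
    for (ip, user), n in basic_auth_failures(SAMPLE_LOG).most_common():
        print(f"{ip}\t{user}\t{n}")
```
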

              ccurti Caterina Curti