Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 5.8.5
Affects Version/s: 5.5.6, 5.6.5
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Using the forgotten password feature in Confluence it is possible to find out which email addresses are stored in the system from the responses given from the form when submitted.

These responses need to be made generic so that it is not possible to tell which email addresses are or are not stored in the database.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

bademail.png
33 kB
27/Aug/2014 6:00 AM
genericerror.png
29 kB
27/Aug/2014 6:00 AM
genericyes.png
20 kB
27/Aug/2014 6:00 AM

is caused by

JRACLOUD-65725 Username enumeration using the Login page in OnDemand

Closed

is duplicated by

CONFSERVER-22388 "Forgot Password" feature should not reveal that a given username exists within Confluence for security reason

Closed

mentioned in: Page Loading...; Page Loading...

Assignee:: Minh Tang (Inactive)

Reporter:: Steve Haffenden (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 26/Aug/2014 11:32 PM

Updated:: 11/Oct/2018 8:59 AM

Resolved:: 11/Jun/2015 10:04 AM

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates