-
Bug
-
Resolution: Fixed
-
Low
-
2.0.1
-
None
-
None
-
Tested with JIRA 4.0
Maximum Unchanged Password Days (Internal Directory) configuration is not respected by the Applications, only by the Crowd console.
If the password is expired, Crowd still allow users to authenticate to the Applications.
[CWD-1724] Maximum Unchanged Password Days configuration is not respected by the Applications
Workflow | Original: Simplified Crowd Development Workflow v2 - restricted [ 1509309 ] | New: JAC Bug Workflow v3 [ 3364496 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Workflow | Original: Simplified Crowd Development Workflow v2 [ 1391085 ] | New: Simplified Crowd Development Workflow v2 - restricted [ 1509309 ] |
Workflow | Original: Crowd Development Workflow v2 [ 271937 ] | New: Simplified Crowd Development Workflow v2 [ 1391085 ] |
Workflow | Original: JIRA Bug Workflow v2 [ 185459 ] | New: Crowd Development Workflow v2 [ 271937 ] |
Resolution | New: Fixed [ 1 ] | |
Status | Original: In Progress [ 3 ] | New: Resolved [ 5 ] |
Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Assignee | New: Peggy [ pkuo ] |
Fix Version/s | New: 2.0.4 [ 15040 ] |
This is not a minor bug, it is at least a critical bug. You allow users to log in with a password that is not valid any more! When our security-officer gets info about this he will request to shut down Crowd and replace it by an other software.
When the JIRA-Stack is not able to handle "maximum unchanged days" crowd should not tell JIRA that the incredenials are valid.
Fix this immediate please!