Loading...

XML

Word

Printable

Type: Suggestion
Resolution: Fixed
Fix Version/s: 2.1
Component/s: None
Labels:
None

The forgotten password feature in Crowd should not send a password to the user.

It should not generate a password at all.

The aim will be to send a uniquely random URL to the user so they can choose themselves a new password. This will match the functionality currently seen in Confluence, JIRA and FishEye.

incorporates

CWD-1897 Automatically generated passwords (e.g. password reset) use insecure java.util.Random

Closed

CWD-86 Anyone can reset anyone elses password

Closed

CWD-1014 Reset Password functionality does not consider directory password configuration

Closed

CWD-1551 crowd does not send passwords that meet the given password requirement

Closed

CWD-1676 Password-complexity regex is not enforced when setting a password using soap

Closed

CWD-362 Reset password error is not useful when regex is not passed.

Closed

CWD-1189 Need to provide clearer user console messages for changing password

Closed

is duplicated by

CWD-86 Anyone can reset anyone elses password

Closed

relates to

CWD-2009 Update Admin Reset Password to Atlassian Standard

Closed

(2 incorporates, 1 is duplicated by, 1 relates to)

Assignee:: Unassigned
Reporter:: David O'Flynn [Atlassian]
Votes:: 1 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: 21/Apr/2010 3:23 AM
Updated:: 19/Sep/2019 5:51 AM
Resolved:: 25/Jun/2010 12:20 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates