Loading...

XML

Word

Printable

Type: Suggestion
Resolution: Fixed
Fix Version/s: 2.1
Component/s: None
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

The forgotten password feature in Crowd should not send a password to the user.

It should not generate a password at all.

The aim will be to send a uniquely random URL to the user so they can choose themselves a new password. This will match the functionality currently seen in Confluence, JIRA and FishEye.

incorporates

CWD-1897 Automatically generated passwords (e.g. password reset) use insecure java.util.Random

Closed

CWD-86 Anyone can reset anyone elses password

Closed

CWD-1014 Reset Password functionality does not consider directory password configuration

Closed

CWD-1551 crowd does not send passwords that meet the given password requirement

Closed

CWD-1676 Password-complexity regex is not enforced when setting a password using soap

Closed

CWD-362 Reset password error is not useful when regex is not passed.

Closed

CWD-1189 Need to provide clearer user console messages for changing password

Closed

is duplicated by

CWD-86 Anyone can reset anyone elses password

Closed

relates to

CWD-2009 Update Admin Reset Password to Atlassian Standard

Closed

(2 incorporates, 1 is duplicated by, 1 relates to)

Assignee:: Unassigned

Reporter:: David O'Flynn [Atlassian]

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 21/Apr/2010 3:23 AM

Updated:: 19/Sep/2019 5:51 AM

Resolved:: 25/Jun/2010 12:20 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates