Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-2457

"Forgot Password/Username" form doesn't validate the inputed variable

XMLWordPrintable

      Summary of The Bug

      Crowd "Forgot Password" and "Forgot Username" form does not checked the validity of the user name. When user enter the wrong username/e-mail which is not existed on the database, the expected message are "Sorry, username/e-mail is not exist on the system", however Crowd throw the same message as existed username.

      Username message

      Password message

      Crowd log (atlassian-crowd.log) recognize that the user is not exist means that Crowd do check if the user existed or not.

      2011-05-16 15:14:26,255 http-8095-2 INFO [crowd.manager.login.ForgottenLoginManagerImpl] No usernames found for email address: nothing

      Steps to reproduce

      1. Access Crowd console
      2. Click the "Can't access your account" button
      3. Choose either option
      4. Enter a non-existing username/e-mail

        1. username(2.2.4).png
          username(2.2.4).png
          4 kB
        2. password(2.2.4).png
          password(2.2.4).png
          7 kB

            Unassigned Unassigned
            scahyadiputra Septa Cahyadiputra (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: