Details
-
Bug
-
Resolution: Won't Fix
-
Low
-
None
-
2.1.1, 2.2.2, 2.2.4
Description
Summary of The Bug
Crowd "Forgot Password" and "Forgot Username" form does not checked the validity of the user name. When user enter the wrong username/e-mail which is not existed on the database, the expected message are "Sorry, username/e-mail is not exist on the system", however Crowd throw the same message as existed username.
Username message
Password message
Crowd log (atlassian-crowd.log) recognize that the user is not exist means that Crowd do check if the user existed or not.
2011-05-16 15:14:26,255 http-8095-2 INFO [crowd.manager.login.ForgottenLoginManagerImpl] No usernames found for email address: nothing
Steps to reproduce
- Access Crowd console
- Click the "Can't access your account" button
- Choose either option
- Enter a non-existing username/e-mail
Attachments
Issue Links
- is related to
-
CWD-3484 Password reset messages are misleading and not conditional (UX issues)
- Closed
-
JRASERVER-44685 Password reset messages are misleading
- Gathering Interest