Each failed login attempt via basic auth increases the failed login count by 2

XMLWordPrintable

    • 2
    • Severity 3 - Minor

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      I have a user called "fred" with the password "fred".

      Whenever I try to authenticate as him using basic auth and the wrong password, the Current Failed Login Count increases by 2, not 1.

      With CAPTCHA set to required after 3 failures, this means it is instead requiring CAPTCHA after 2 failures.

      Before the attempt:

      Bad login request: (the credentials are fred:notfred)

      Unauthorised response:

      Value is incorrect:

        1. 1FredBeforeLogin.png
          9 kB
          Penny Wyatt (On Leave to July 2021)
        2. 2FredBadLoginRequest.png
          5 kB
          Penny Wyatt (On Leave to July 2021)
        3. 3FredBadLoginResponse.png
          16 kB
          Penny Wyatt (On Leave to July 2021)
        4. 4FredIncorrectLoginCount.png
          12 kB
          Penny Wyatt (On Leave to July 2021)

            Assignee:
            Unassigned
            Reporter:
            Penny Wyatt (On Leave to July 2021)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: