Details
- Bug
- Resolution: Won't Fix
- Low
- Severity 3 - Minor
Description
This can pose a security issue. For example, information about the username can be used to perform dictionary attacks on the login page. Suggest just using the username stored in the session while editing your own profile, or a POST for editing other users.
Steps to Reproduce:
1. Go to View Issue page.
2. Click on the user in the user detail pop-up. Notice the username in the URL.
Issue Links
- is related to: JRACLOUD-44207 atl_token appended to request URL (Closed)