- Type: Suggestion
- Resolution: Won't Fix
- None
- Component/s: Login
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
The brute force login protection in JIRA only activates when a real user account is accessed. This can be used by an attacker to harvest a list of valid logins on the system.
The brute force login protection should activate when either the login or the password is wrong.
- relates to: JRACLOUD-21036 Brute force protection on JIRA 4.1 leaks valid account names (Closed)
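The difference between the reported behaviour and the requested one, as an added Python example that is not JIRA's code: a login guard whose failure counter either skips unknown names (the leak described above) or counts every submitted name. `LoginGuard`, `MAX_FAILURES`, `protection_after_failures` and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed threshold; the page does not state JIRA's value


class LoginGuard:
    """Illustrative login front end. Accounts and threshold are constructed."""

    def __init__(self, users, count_unknown_names):
        self._salt = os.urandom(16)
        self._users = {n.lower(): self._hash(p) for n, p in users.items()}
        self._dummy = self._hash("placeholder")  # compared against for unknown names
        self._count_unknown = count_unknown_names
        self._failures = {}  # submitted name -> consecutive failed attempts

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 1000)

    def attempt(self, name, password):
        """Return (authenticated, protection_active) as the client observes them."""
        key = name.strip().lower()
        if self._failures.get(key, 0) >= MAX_FAILURES:
            return False, True  # protection active: reject without checking
        stored = self._users.get(key)
        # Hash and compare even for unknown names so both paths do the same work.
        matches = hmac.compare_digest(self._hash(password), stored or self._dummy)
        if matches and stored is not None:
            self._failures.pop(key, None)
            return True, False
        # Leaky mode counts failures only for real accounts; fixed mode counts all.
        if stored is not None or self._count_unknown:
            self._failures[key] = self._failures.get(key, 0) + 1
        return False, self._failures.get(key, 0) >= MAX_FAILURES


def protection_after_failures(guard, name, tries=MAX_FAILURES):
    """Submit `tries` wrong passwords; report whether protection became visible."""
    active = False
    for _ in range(tries):
        _, active = guard.attempt(name, "wrong-password")
    return active
```

With `count_unknown_names=False` the protection appears for the real account only, which is the signal that distinguishes valid names; with `True` both names look the same. Because unknown names are client-supplied, a production counter store also needs expiry or a size bound.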