Brute force protection on JIRA 4.1 leaks valid account names


      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      The brute force login protection in JIRA only activates when a real user account is accessed. This can be used by an attacker to harvest a list of valid logins on the system.

      The brute force login protection should activate when either the login or the password is wrong.

              Assignee: Unassigned
              Reporter: Pramod Korathota (Inactive)
              Votes: 1
              Watchers: 1

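The behaviour requested in this issue can be written as a regression check. The sketch below is an added example, not JIRA's code and not from the reporter. The `LoginGuard` class, the `MAX_FAILURES` threshold and the `"challenge"` response are hypothetical stand-ins for whatever the protection actually does (lockout, delay, CAPTCHA), and the account data is constructed.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed threshold, chosen for this example


def _hash(password, salt):
    # Low iteration count keeps the demo fast; not a production setting.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)


class LoginGuard:
    """count_unknown=False: protection only for real accounts (as reported).
    count_unknown=True: protection for any submitted login (as requested)."""

    def __init__(self, users, count_unknown):
        self.salt = os.urandom(16)
        self.users = {n.lower(): _hash(p, self.salt) for n, p in users.items()}
        self.dummy = _hash(os.urandom(16).hex(), self.salt)
        self.count_unknown = count_unknown
        self.failures = {}  # production code needs a bounded, expiring store

    def login(self, username, password):
        key = username.strip().lower()
        known = key in self.users
        if self.failures.get(key, 0) >= MAX_FAILURES:
            return "challenge"
        # Hash and compare even for unknown names so both paths do equal work.
        stored = self.users.get(key, self.dummy)
        ok = hmac.compare_digest(_hash(password, self.salt), stored) and known
        if ok:
            self.failures.pop(key, None)
            return "ok"
        if known or self.count_unknown:
            self.failures[key] = self.failures.get(key, 0) + 1
        return "denied"


def responses(guard, username, attempts=5):
    return [guard.login(username, "wrong-password") for _ in range(attempts)]


def leaks_account_names(count_unknown):
    """True if a real and a non-existent login get different responses."""
    users = {"alice": "correct horse"}  # constructed sample account
    real = responses(LoginGuard(users, count_unknown), "alice")
    fake = responses(LoginGuard(users, count_unknown), "nobody")
    return real != fake
```

Counting failures for arbitrary submitted names means the counter store grows with attacker-chosen input, so a real implementation has to cap and expire it.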