Password displayed in clear text when logging in to a websudo session that has expired

XMLWordPrintable

    • 6

      When entering the username/password in the websudo dialog after the user session has expired, JIRA displays all submitted values, including the password in clear text.

      This is a breach in security; the password should never be displayed in clear text on a web page.

        1. 20130925-JIRA-SessionExpiredPasswordDisclosure.png
          20130925-JIRA-SessionExpiredPasswordDisclosure.png
          20 kB

            Assignee:
            Unassigned
            Reporter:
            Christoffer Soop
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: