Password displayed in clear text when logging in to a websudo session that has expired

XMLWordPrintable

    • 6

      When entering the username/password in the websudo dialog after the user session has expired, JIRA displays all submitted values, including the password in clear text.

      This is a breach in security; the password should never be displayed in clear text on a web page.

        1. 20130925-JIRA-SessionExpiredPasswordDisclosure.png
          20 kB
          Christoffer Soop

              Assignee:
              Unassigned
              Reporter:
              Christoffer Soop
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: