Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 4.1
Affects Version/s: None
Component/s: Email notifications, Project Administration - Permissions
Labels:
None

Support reference count:
8
Bug Fix Policy:
View Atlassian Server bug fix policy

Anyone can reset the password of a user whose ID they know.
Verified on the test system.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

user login after reset.jpg
139 kB
02/Apr/2010 6:57 AM

duplicates

JRASERVER-1204 Security and validation of email & passwords

Closed

is duplicated by

JRASERVER-16592 New-account creation process fails to mask password in plain-text e-mail sent to new user

Closed

JRASERVER-18279 EPIC FAIL: new user signups result in plain text email with all login details

Closed

JRASERVER-10600 DON'T SEND PASSWORDS OVER THE INTERNET IN PLAIN TEXT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Closed

is related to

JRASERVER-15122 Encrypt passwords sent from login portlet/page to server.

Closed

relates to

JRASERVER-15916 Check box in signup window

Closed

(1 relates to)

Assignee:: ɹǝʞɐq pɐɹq

Reporter:: Spencer Proffit

Votes:: 34 Vote for this issue

Watchers:: 15 Start watching this issue

Created:: 11/Mar/2005 12:11 AM

Updated:: 16/Oct/2018 12:41 AM

Resolved:: 15/Oct/2009 12:21 AM