  1. Jira Data Center
  2. JRASERVER-73313

AutoComplete Attribute Not Disabled for Password in Form Based Authentication



    Description

      This came out in a recent security scan our internal Cyber Security team ran against both UAT and Production Jira environments.

      The Web server allows form-based authentication without disabling the AutoComplete feature for the password field.

      If the browser is used in a shared computing environment where more than one person may use the browser, then "autocomplete" values may be retrieved or submitted by an unauthorized user.

      Contact the vendor to have the AutoComplete attribute disabled for the password field in all forms. The AutoComplete attribute should also be disabled for the user ID field.
      Developers can add the following attribute to the form or input element: autocomplete="off"
      This attribute prevents the browser from prompting the user to save the populated form values for later reuse.

      We need a way to disable AutoComplete in the login screen from inside the Jira GUI or by any other means that is actually supported by Atlassian.
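
The check the scanner finding describes, as an added example (not code from the issue or from Atlassian): a Python standard-library parser that reports user ID and password inputs whose effective `autocomplete` value is not `off`, honouring the attribute on either the form or the input. The sample markup and the field-name heuristics are constructed assumptions, not Jira's actual login page.

```python
from html.parser import HTMLParser

# Constructed sample markup (an assumption for illustration, not Jira's real login page).
SAMPLE_LOGIN = """
<form id="login-form" method="post" action="/login">
  <input type="text" name="username">
  <input type="password" name="password">
</form>
<form id="hardened-form" method="post" action="/login" autocomplete="off">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="password" name="pin" autocomplete="on">
</form>
"""

USER_FIELD_NAMES = {"username", "user", "login"}  # assumed naming heuristics

class AutocompleteAudit(HTMLParser):
    """Collect credential inputs whose effective autocomplete value is not "off"."""

    def __init__(self):
        super().__init__()
        self.form_id = self.form_autocomplete = None
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self.form_id = a.get("id", "(no id)")
            self.form_autocomplete = a.get("autocomplete")
        elif tag == "input":
            is_password = a.get("type") == "password"
            is_user = a.get("type", "text") == "text" and a.get("name") in USER_FIELD_NAMES
            if not (is_password or is_user):
                return
            # An input's own attribute overrides the value inherited from its form.
            effective = a.get("autocomplete") or self.form_autocomplete
            if effective != "off":
                self.findings.append((self.form_id, a.get("name"), effective))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_id = self.form_autocomplete = None

def audit(html):
    """Return (form id, field name, effective autocomplete) for each flagged input."""
    parser = AutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Many current browsers' built-in password managers still offer to save credentials when `autocomplete="off"` is set on login fields, so a clean result here reflects the markup a scanner inspects rather than what the browser will do.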

            People

              pdrygas Pawel Drygas (Inactive)
              87d00aa6f735 Pedro Caba
              Votes: 29
              Watchers: 36
