Uploaded image for project: 'Qt Bugtracking interface'
  1. Qt Bugtracking interface
  2. QTJIRA-25

security flaw: JIRA sends subscription password back in cleartext after initial registration

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 4.2
    • None
    • None
    • None

    Description

      After registering for the bug tracking system, the system send my provided password back in plain text, in an unencrypted email.

      In my opinion, this is a serious security flaw.

      If I provide the password, I want it to be kept secret.
      If the system generates a password, it has to be sent to me, of course.

      Currently, I have to immediately delete the confirmation mail, which completely destroys its purpose of being a long-term remainder.

      Attachments

        Activity

          People

            mkeir Mark Keir
            csbac Sebastian Brandt
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: