Uploaded image for project: 'Qt Bugtracking interface'
  1. Qt Bugtracking interface
  2. QTJIRA-25

security flaw: JIRA sends subscription password back in cleartext after initial registration

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: P2: Important P2: Important
    • 4.2
    • None
    • None
    • None

      After registering for the bug tracking system, the system send my provided password back in plain text, in an unencrypted email.

      In my opinion, this is a serious security flaw.

      If I provide the password, I want it to be kept secret.
      If the system generates a password, it has to be sent to me, of course.

      Currently, I have to immediately delete the confirmation mail, which completely destroys its purpose of being a long-term remainder.

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            mkeir Mark Keir
            csbac Sebastian Brandt
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes