-
Type:
Enhancement
-
Status:
Closed
-
Priority:
Medium
-
Resolution:
Done
-
Affects Version/s:
None
-
-
-
-
Module:
BenAdmin
- Security
-
-
Item State:
Production Complete
-
Pretorian reported an issue that password is returning is server response is potential threat to system.
The user’s password is returned in the response from the server when an administrator creates an account for a new employee
By sending a user password as a response during account registration, WORKTERRA increases the possibility of the password being sniffed on the wire, or compromised via local workstation access.
When registering a new employee, the employee's default password was displayed to the registrar.
Ideally we should not display password to administrator.
We need to find out all possible locations in System where we are sending password to client side.
Possible solution for this is to remove add employee popup which displays credentials.
Configuration flag should decide whether we need to display newly added employee password in alert or not.
{"report":{"apdex":1,"isInitial":true,"journeyId":"10085fb1-edec-45d5-84d9-b7d593ef6b5f","key":"jira.project.issue.view-issue","navigationType":0,"readyForUser":665.6000000238419,"redirectCount":0,"resourceLoadedEnd":546.1000000238419,"resourceLoadedStart":133.5,"resourceTiming":[{"duration":36,"initiatorType":"link","name":"https://jira.workterra.net/s/3003653444a1e1a85555cab7dcfb3a21-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/2e46d90b5cae895c9c38649c9d510130/_/download/contextbatch/css/_super/batch.css","startTime":133.5,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":133.5,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":169.5,"responseStart":0,"secureConnectionStart":0},{"duration":36.40000003576279,"initiatorType":"link","name":"https://jira.workterra.net/s/dd6a0911920485696ac20493290df627-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/3abe50d469404b639745df44b51476b6/_/download/contextbatch/css/jira.browse.project,jira.view.issue,project.issue.navigator,jira.global,atl.general,-_super/batch.css?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&richediton=true","startTime":133.80000001192093,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":133.80000001192093,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":170.20000004768372,"responseStart":0,"secureConnectionStart":0},{"duration":36.59999996423721,"initiatorType":"link","name":"https://jira.workterra.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/8.5.0/_/download/batch/com.atlassian.auiplugin:split_aui.pattern.label/com.atlassian.auiplugin:split_aui.pattern.label.css","startTime":133.9000000357628,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":133.9000000357628,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":170.5,"responseStart":0,"secureConnectionStart":0},{"duration":36.90000003576279,"initiatorType":"link","name":"https://jira.workterra.net/s/bd548f27bbf8f278bd83b60dd3284ed8-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/1.0/_/download/batch/jira.webresources:global-static-adgs/jira.webresources:global-static-adgs.css","startTime":134,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":134,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":170.9000000357628,"responseStart":0,"secureConnectionStart":0},{"duration":37.40000003576279,"initiatorType":"link","name":"https://jira.workterra.net/s/70725731a158a7140f19ddbd4201ba27-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/1.0/_/download/batch/jira.webresources:global-static/jira.webresources:global-static.css","startTime":134,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":134,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":171.4000000357628,"responseStart":0,"secureConnectionStart":0},{"duration":89.39999997615814,"initiatorType":"script","name":"https://jira.workterra.net/s/f2623af22c15df767ec6ff268ae0b8bd-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/2e46d90b5cae895c9c38649c9d510130/_/download/contextbatch/js/_super/batch.js?locale=en-US","startTime":134.20000004768372,"connectEnd":134.20000004768372,"connectStart":134.20000004768372,"domainLookupEnd":134.20000004768372,"domainLookupStart":134.20000004768372,"fetchStart":134.20000004768372,"redirectEnd":0,"redirectStart":0,"requestStart":134.20000004768372,"responseEnd":223.60000002384186,"responseStart":223.60000002384186,"secureConnectionStart":134.20000004768372},{"duration":124.5,"initiatorType":"script","name":"https://jira.workterra.net/s/6ce676f2a5bcc9651cef6e7956f05def-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/3abe50d469404b639745df44b51476b6/_/download/contextbatch/js/jira.browse.project,jira.view.issue,project.issue.navigator,jira.global,atl.general,-_super/batch.js?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&locale=en-US&richediton=true","startTime":134.20000004768372,"connectEnd":134.20000004768372,"connectStart":134.20000004768372,"domainLookupEnd":134.20000004768372,"domainLookupStart":134.20000004768372,"fetchStart":134.20000004768372,"redirectEnd":0,"redirectStart":0,"requestStart":134.20000004768372,"responseEnd":258.7000000476837,"responseStart":258.7000000476837,"secureConnectionStart":134.20000004768372},{"duration":127.39999997615814,"initiatorType":"script","name":"https://jira.workterra.net/s/ecf7ec549751ae117b778f0525d6d371-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/4.1.5/_/download/resources/com.atlassian.plugins.atlassian-chaperone:hotspot-tour/hotspot-tour.js?batch=false&locale=en-US","startTime":134.4000000357628,"connectEnd":134.4000000357628,"connectStart":134.4000000357628,"domainLookupEnd":134.4000000357628,"domainLookupStart":134.4000000357628,"fetchStart":134.4000000357628,"redirectEnd":0,"redirectStart":0,"requestStart":134.4000000357628,"responseEnd":261.80000001192093,"responseStart":261.80000001192093,"secureConnectionStart":134.4000000357628},{"duration":127.70000004768372,"initiatorType":"script","name":"https://jira.workterra.net/s/6aa3fcf1fac5fd551eee0b69077524e6-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/aae1242f5fc81cc6a5bb8bc963ccda29/_/download/contextbatch/js/atl.global,-_super/batch.js?locale=en-US","startTime":134.5,"connectEnd":134.5,"connectStart":134.5,"domainLookupEnd":134.5,"domainLookupStart":134.5,"fetchStart":134.5,"redirectEnd":0,"redirectStart":0,"requestStart":134.5,"responseEnd":262.2000000476837,"responseStart":262.2000000476837,"secureConnectionStart":134.5},{"duration":127.89999997615814,"initiatorType":"script","name":"https://jira.workterra.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/1.0/_/download/batch/jira.webresources:calendar-en/jira.webresources:calendar-en.js","startTime":134.60000002384186,"connectEnd":134.60000002384186,"connectStart":134.60000002384186,"domainLookupEnd":134.60000002384186,"domainLookupStart":134.60000002384186,"fetchStart":134.60000002384186,"redirectEnd":0,"redirectStart":0,"requestStart":134.60000002384186,"responseEnd":262.5,"responseStart":262.5,"secureConnectionStart":134.60000002384186},{"duration":128.19999998807907,"initiatorType":"script","name":"https://jira.workterra.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/1.0/_/download/batch/jira.webresources:calendar-localisation-moment/jira.webresources:calendar-localisation-moment.js","startTime":134.70000004768372,"connectEnd":134.70000004768372,"connectStart":134.70000004768372,"domainLookupEnd":134.70000004768372,"domainLookupStart":134.70000004768372,"fetchStart":134.70000004768372,"redirectEnd":0,"redirectStart":0,"requestStart":134.70000004768372,"responseEnd":262.9000000357628,"responseStart":262.9000000357628,"secureConnectionStart":134.70000004768372},{"duration":128.30000001192093,"initiatorType":"script","name":"https://jira.workterra.net/s/ecf7ec549751ae117b778f0525d6d371-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/8.5.0/_/download/batch/com.atlassian.auiplugin:split_aui.pattern.label/com.atlassian.auiplugin:split_aui.pattern.label.js?locale=en-US","startTime":134.80000001192093,"connectEnd":134.80000001192093,"connectStart":134.80000001192093,"domainLookupEnd":134.80000001192093,"domainLookupStart":134.80000001192093,"fetchStart":134.80000001192093,"redirectEnd":0,"redirectStart":0,"requestStart":134.80000001192093,"responseEnd":263.10000002384186,"responseStart":263.10000002384186,"secureConnectionStart":134.80000001192093},{"duration":128.69999998807907,"initiatorType":"link","name":"https://jira.workterra.net/s/05c862146699bb029ceb0a489075e63b-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/bcd66e9a133a1b9f5fd14b56841e1c5b/_/download/contextbatch/css/jira.global.look-and-feel,-_super/batch.css","startTime":134.9000000357628,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":134.9000000357628,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":263.60000002384186,"responseStart":0,"secureConnectionStart":0},{"duration":128.5,"initiatorType":"script","name":"https://jira.workterra.net/rest/api/1.0/shortcuts/805012/81da1c7492d7ee698ae1cc31902498d9/shortcuts.js?context=issuenavigation&context=issueaction","startTime":135,"connectEnd":135,"connectStart":135,"domainLookupEnd":135,"domainLookupStart":135,"fetchStart":135,"redirectEnd":0,"redirectStart":0,"requestStart":135,"responseEnd":263.5,"responseStart":263.5,"secureConnectionStart":135},{"duration":128.80000001192093,"initiatorType":"link","name":"https://jira.workterra.net/s/9095228fa10daa2d3e3d7d5760c95e91-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/72477c22780abda5f51fe696920d843f/_/download/contextbatch/css/com.atlassian.jira.projects.sidebar.init,-_super,-jira.view.issue,-project.issue.navigator/batch.css?jira.create.linked.issue=true&richediton=true","startTime":135.10000002384186,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":135.10000002384186,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":263.9000000357628,"responseStart":0,"secureConnectionStart":0},{"duration":128.89999997615814,"initiatorType":"script","name":"https://jira.workterra.net/s/c19a1b46e985d7fb85efaf27c8febfdd-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/72477c22780abda5f51fe696920d843f/_/download/contextbatch/js/com.atlassian.jira.projects.sidebar.init,-_super,-jira.view.issue,-project.issue.navigator/batch.js?jira.create.linked.issue=true&locale=en-US&richediton=true","startTime":135.10000002384186,"connectEnd":135.10000002384186,"connectStart":135.10000002384186,"domainLookupEnd":135.10000002384186,"domainLookupStart":135.10000002384186,"fetchStart":135.10000002384186,"redirectEnd":0,"redirectStart":0,"requestStart":135.10000002384186,"responseEnd":264,"responseStart":264,"secureConnectionStart":135.10000002384186},{"duration":409.69999998807907,"initiatorType":"script","name":"https://jira.workterra.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/1.0/_/download/batch/jira.webresources:bigpipe-js/jira.webresources:bigpipe-js.js","startTime":136.10000002384186,"connectEnd":136.10000002384186,"connectStart":136.10000002384186,"domainLookupEnd":136.10000002384186,"domainLookupStart":136.10000002384186,"fetchStart":136.10000002384186,"redirectEnd":0,"redirectStart":0,"requestStart":136.10000002384186,"responseEnd":545.8000000119209,"responseStart":545.8000000119209,"secureConnectionStart":136.10000002384186},{"duration":409.89999997615814,"initiatorType":"script","name":"https://jira.workterra.net/s/d41d8cd98f00b204e9800998ecf8427e-CDN/-w431t5/805012/9a9e1fae3639050b38ac467c3aa37e79/1.0/_/download/batch/jira.webresources:bigpipe-init/jira.webresources:bigpipe-init.js","startTime":136.20000004768372,"connectEnd":136.20000004768372,"connectStart":136.20000004768372,"domainLookupEnd":136.20000004768372,"domainLookupStart":136.20000004768372,"fetchStart":136.20000004768372,"redirectEnd":0,"redirectStart":0,"requestStart":136.20000004768372,"responseEnd":546.1000000238419,"responseStart":546.1000000238419,"secureConnectionStart":136.20000004768372},{"duration":125.70000004768372,"initiatorType":"xmlhttprequest","name":"https://jira.workterra.net/rest/webResources/1.0/resources","startTime":419.5,"connectEnd":419.5,"connectStart":419.5,"domainLookupEnd":419.5,"domainLookupStart":419.5,"fetchStart":419.5,"redirectEnd":0,"redirectStart":0,"requestStart":419.5,"responseEnd":545.2000000476837,"responseStart":545.2000000476837,"secureConnectionStart":419.5}],"threshold":1000,"fetchStart":0,"domainLookupStart":0,"domainLookupEnd":0,"connectStart":0,"connectEnd":0,"requestStart":13,"responseStart":127,"responseEnd":128,"domLoading":131,"domInteractive":725,"domContentLoadedEventStart":725,"domContentLoadedEventEnd":786,"domComplete":963,"loadEventStart":963,"loadEventEnd":967,"userAgent":"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)","marks":[],"measures":[],"correlationId":"e7b7d236d60ec5","effectiveType":"4g","downlink":10,"rtt":0,"serverDuration":78,"dbReadsTimeInMs":26,"dbConnsTimeInMs":29,"applicationHash":"156decd7d2b4272533aa6cefc8294af635e1da97","experiments":[]}}
Kunal Kedari (Inactive)
made transition
-