- changed status to open
Authentication silently fails resulting in account lockout on Bitbucket/JIRA Server with CROWD
My organization uses:
- Jira Server 7.13.0
- Bitbucket Server 5.16.0
For authentication, we use CROWD to integrate with Active Directory. When I changed my Active Directory password, I began getting prompted for captcha every time I attempted to commit code. It took a lot of digging to identify that the root of the issue was this extension. I never received an error that authentication was failing, but it apparently kept trying until our account lock threshold was triggered. There should be a prompt of some sort when authentication fails to avoid user confusion. It would be ideal if this could piggyback off of my system/keychain credentials rather than storing credentials separately.
Comments (3)
- I too see this.
  It seems that the plugin is stuck in a loop; I had one user with over 5000 failed login attempts 20-30 minutes after changing their password.
  Moments after I had changed my password in my Jira profile I could see that I had 20+ failed attempts.
- changed status to resolved
Fixed in 2.8.5
Tracked internally as VSCODE-917
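
The behaviour requested in this issue (stop retrying a rejected stored password and prompt the user once), sketched as an added example; it is not code from the extension or from the 2.8.5 fix. `CredentialGate`, `guardedRequest`, `simulateStalePoller` and the `send()` callback are hypothetical names, and HTTP 401 is assumed to be how the server signals a rejected credential.

```javascript
// Added example. All names are hypothetical; HTTP 401 is assumed to mean
// "the stored credential was rejected".
class CredentialGate {
  constructor(onRejected) {
    this.onRejected = onRejected; // called once, e.g. to show a login prompt
    this.rejected = false;
    this.sent = 0;                // requests that actually reached the server
  }

  // Background jobs ask this before every authenticated request.
  mayAttempt() {
    return !this.rejected;
  }

  // Feed every response status back in. Returns true if the caller may go on.
  record(status) {
    this.sent += 1;
    if (status === 401 && !this.rejected) {
      this.rejected = true;       // latch: no more attempts with this secret
      this.onRejected("Stored password was rejected; please sign in again.");
    }
    return !this.rejected;
  }

  // Only an explicit user action (new password entered) reopens the gate.
  credentialUpdated() {
    this.rejected = false;
  }
}

// Wrap one authenticated call. send() must resolve to an object with .status.
async function guardedRequest(gate, send) {
  if (!gate.mayAttempt()) return { skipped: true };
  const res = await send();
  gate.record(res.status);
  return { skipped: false, status: res.status };
}

// Constructed scenario: a poller fires `ticks` times while the server keeps
// answering 401 because the directory password changed.
async function simulateStalePoller(ticks) {
  const prompts = [];
  const gate = new CredentialGate((msg) => prompts.push(msg));
  for (let i = 0; i < ticks; i++) {
    await guardedRequest(gate, async () => ({ status: 401 }));
  }
  return { sent: gate.sent, prompts: prompts.length };
}
```

With the gate in place, 5000 polling ticks against a stale password produce one failed login and one prompt, which stays below any directory lockout threshold.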