Recently a "white hat" hacker team was hired by our IT department to probe for vulnerabilities in our intranet, including our JIRA installation. (JIRA was not compromised, btw -- woohoo!) During the exercise, they entered all sorts of script into the JIRA sign-in fields, creating spurious users. I was able to delete all the false accounts except the following two, which still remain in my user list:
These two lines are actually listed as usernames in the Users list. Problem is, when I try to delete them, the operation fails with a java.lang.NullPointerException at
com.atlassian.jira.web.action.admin.user.DeleteUser.doValidation(DeleteUser.java:56)
Is there any way to manually remove these users (perhaps in the database itself)?
Hi there,
Before doing any delete operations in the database, I would recommend that you rename these users and then try to delete them again.
Since the username is like a URL, perhaps it might be causing a conflict on the application side.
If you're still facing the problem even after renaming the user, I would strongly recommend that you back up your database before applying any delete operation on this. Once you have the backup, the delete query should be this one:
delete from cwd_user where user_name in ('http://netsparker.com/n?.jspa', 'php://filter//resource=http://netsparker.com/n?.jspa')
I hope it helps!
Regards.
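Added example, not part of the original answer: one way to run the delete above so that its effect can be inspected before it becomes permanent. It assumes a PostgreSQL back end (transaction and `RETURNING` syntax differ on other databases), that JIRA is stopped, and that the backup mentioned above has already been taken; the `id`, `directory_id` and `active` columns are assumed to be present in `cwd_user` for this JIRA version.

```sql
-- Added example (assumes PostgreSQL, JIRA stopped, verified backup in hand).
BEGIN;

-- 1. Preview exactly which rows match before changing anything.
--    Expect the two scanner-created accounts and nothing else.
SELECT id, directory_id, user_name, active
FROM cwd_user
WHERE user_name IN ('http://netsparker.com/n?.jspa',
                    'php://filter//resource=http://netsparker.com/n?.jspa');

-- 2. Delete inside the open transaction and list what was removed.
DELETE FROM cwd_user
WHERE user_name IN ('http://netsparker.com/n?.jspa',
                    'php://filter//resource=http://netsparker.com/n?.jspa')
RETURNING id, user_name;

-- 3. Nothing is permanent yet. If step 2 returned exactly the two
--    expected rows, replace ROLLBACK with COMMIT and run it again;
--    if it returned anything else, keep the ROLLBACK and investigate.
ROLLBACK;
```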
Good suggestion, but unfortunately it looks like I will have to wait until I upgrade to v6.0 to edit usernames. (That feature is not available in 5.x.) Rather than mucking about in the database, I think I'll wait for my upgrade.
Thanks!