20366: TwoFactorAdminLogin secret should have 128 bits - LimeSurvey bugs and feature requests

This issue affects 1 person(s).

252

ID	Project	Category	View Status	Date Submitted	Last Update

20366	Bug reports	Security	public	2025-11-21 12:28	2025-12-03 10:10

Reporter	kemweb	Assigned To	DenisChenu
Priority	none	Severity	tweak
Status	in code review	Resolution	open

Summary	20366: TwoFactorAdminLogin secret should have 128 bits
Description	Common tools like FreeOTP consider less than 128 bits as unsafe. The user gets an "Token is unsafe!" message See https://github.com/freeotp/freeotp-android/issues/287#issuecomment-3270329291
Tags	No tags attached.

Bug heat	252
Complete LimeSurvey version number (& build)	.
I will donate to the project if issue is resolved
Browser
Database type & version
Server OS (if known)
Webserver software & version (if known)
PHP Version

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2025-11-21 12:28	kemweb	New Issue
2025-11-21 18:00	c_schmitz	Project	Feature requests => Bug reports
2025-11-21 18:00	c_schmitz	Severity	feature => tweak
2025-11-21 18:00	c_schmitz	Complete LimeSurvey version number (& build)	=> .
2025-12-02 19:14	tibor.pacalat	Assigned To	=> DenisChenu
2025-12-02 19:14	tibor.pacalat	Status	new => ready for code review
2025-12-03 10:10	DenisChenu	Status	ready for code review => in code review
2025-12-03 10:10	DenisChenu	Note Added: 83980
2025-12-03 10:10	DenisChenu	Bug heat	250 => 252

DenisChenu 2025-12-03 10:10 developer ~83980	https://github.com/LimeSurvey/LimeSurvey/pull/4559