View Issue Details

IDProjectCategoryView StatusLast Update
14043User patchesSecuritypublic2019-12-02 12:16
Reporterjweberhofer Assigned Toc_schmitz  
Status closedResolutionfixed 
Product Version 
Target VersionFixed in Version 
Summary14043: Improvement in IP blocking after failed login attempts
  • Currently IP locks never get released. Therefore a single false login trial blocks a IP address for 10 minutes.
  • IP-Blocks should get updated while blocked: This causes a user how re-tries login too early to get blocked for another 10 minutes
TagsNo tags attached.
Complete LimeSurvey version number (& build)3.14.8+180829




2018-09-10 15:27

reporter   ~49003

A pull request 1116 has been created on github.



2019-11-19 16:13

administrator   ~54695

Fix committed to master branch:



2019-12-02 12:16

administrator   ~54901

Fixed in Release 3.21.0+191203

Related Changesets

LimeSurvey: master 1bd2f1bb

2019-11-19 16:13:20


Committer: c_schmitz Details Diff
Fixed issue 14043: Improvement in IP blocking after failed login attempts

* Improved blocking of failed login-attempts

Record new attempts only when IP is not already blocked. This prevents endless blocking if user occasionally tries to login again.

* Reset failed login counter after sucessful login

and remove a line of dead code
Affected Issues
mod - application/core/LSUserIdentity.php Diff File
mod - application/models/FailedLoginAttempt.php Diff File

Issue History

Date Modified Username Field Change
2018-09-10 15:26 jweberhofer New Issue
2018-09-10 15:27 jweberhofer Note Added: 49003
2019-11-19 16:13 c_schmitz Changeset attached => LimeSurvey master 1bd2f1bb
2019-11-19 16:13 c_schmitz Note Added: 54695
2019-11-19 16:13 c_schmitz Assigned To => c_schmitz
2019-11-19 16:13 c_schmitz Resolution open => fixed
2019-12-02 12:16 lime_release_bot Note Added: 54901
2019-12-02 12:16 lime_release_bot Status new => closed