View Issue Details

ID: 14408
Project: Feature requests
Category: Security
View Status: public
Last Update: 2019-08-27 11:03
Reporter: adelphi_user
Assigned To: c_schmitz
Priority: none
Severity: feature
Status: closed
Resolution: no change required
Summary: 14408: DSGVO - sending password in plain-text with an e-mail is no longer allowed
Description

If a user registers to continue the survey later, an e-mail will be sent to him. In this e-mail the user will find the password in plain text. You can also find the password in plain-text in the URL.
According to the new DSGVO, the sending of passwords in plain-text with an e-mail is no longer allowed. That's why our data protection officer is getting on my roof.
How do you want to deal with this problem in the future?

Thx

Tags: No tags attached.

Relationships

related to 14049 (closed, c_schmitz) - Feature requests - Don't send plain text passwords through mail
related to 15190 (closed, c_schmitz) - Bug reports - Assigned administration user password is generated randomly, but not time-limited and user is not required to change it
related to 14621 (new) - Feature requests - Hardening PHP during installation

Users monitoring this issue

DenisChenu, Mazi

Activities

DenisChenu

2019-01-09 11:54

developer   ~50131

Same for "Create admin user" => we must use "Single password system"

bismark

2019-01-09 14:54

reporter   ~50135

Don't call it password ;-)

DenisChenu

2019-01-09 15:26

developer   ~50137

Else : in my opinion : must have a checkbox "Put complete link for reload" Y/N : N is better, but Y didn't update for other user.

My general global opinion : must move whole register system to plugin/extension/module …

LouisGac

2019-01-10 15:11

developer   ~50146

"Don't call it password" seems a good solution :)

jelo

2019-03-13 12:02

partner   ~50945

1.) Which section of the DSGVO / GDPR is forbidding passwords via E-Mail?

But even without DSGVO/GDPR sending passwords directly per E-Mail is not good practice.
Why? You assume that the email is reaching the recipient.

For Save / Resume I would recommend showing a pre-created "Surveykey, Accesskey" (plus QR code) and allowing people to choose to have it sent to them via E-Mail. Their choice.

User creation:
Allow not sending a password via E-Mail. If you send a password via E-Mail, make it temporary, or at least have the first sign-in force a change of password.

DenisChenu

2019-03-13 12:16

developer   ~50947

@jelo :

  1. Save and resume : https://gitlab.com/SondagesPro/coreAndTools/reloadAnyResponse/issues/2
  2. Admin email : https://bugs.limesurvey.org/view.php?id=14049

cdorin

2019-03-14 11:16

reporter   ~50976

@adelphi_user, can you pinpoint the article in GDPR that stipulates that? I also know that it is not recommended, but still "acceptable".

Nevertheless, we are aware of the issue you describe and we will change it in the upcoming version; I hope :)

c_schmitz

2019-08-27 11:03

administrator   ~53281

This issue is about sending the token key and participation link when a user registers for a survey. We all agree this is acceptable because the password is a single-use random password.
Discussion has swerved to other problems with password - please discuss that in the particular issues, instead - thank you.
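
The property the closing note relies on (a random key that works once) combined with jelo's suggestion to make mailed credentials temporary, as an added example that is not part of this thread or of LimeSurvey's code. `ResumeTokenStore`, its method names and the 24-hour lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 3600  # assumed lifetime; the thread names no value


def _digest(token):
    """SHA-256 hex digest of a token, the only form that is stored."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class ResumeTokenStore:
    """In-memory stand-in for a survey's token table (hypothetical)."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._rows = {}  # response_id -> (token digest, expires_at)

    def issue(self, response_id):
        """Create a random key for the mail; keep only its digest server-side."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[response_id] = (_digest(token), self._clock() + self._ttl)
        return token

    def redeem(self, response_id, presented):
        """Return True at most once per issued key, and only before expiry."""
        row = self._rows.get(response_id)
        if row is None:
            return False
        stored, expires_at = row
        # Constant-time comparison; a wrong guess does not consume the key.
        if not hmac.compare_digest(stored, _digest(presented)):
            return False
        del self._rows[response_id]  # single use: gone after the first match
        return self._clock() < expires_at
```

A mailbox that is read later then holds only a key that is already spent or expired, and a copy of the stored table yields digests rather than usable keys.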

Issue History

Date Modified Username Field Change
2019-01-08 17:32 adelphi_user New Issue
2019-01-09 11:51 DenisChenu Issue Monitored: DenisChenu
2019-01-09 11:54 DenisChenu Note Added: 50131
2019-01-09 14:54 bismark Note Added: 50135
2019-01-09 15:26 DenisChenu Note Added: 50137
2019-01-10 15:11 LouisGac Note Added: 50146
2019-03-12 15:11 DenisChenu Relationship added related to 14049
2019-03-12 15:35 DenisChenu Relationship added related to 14621
2019-03-12 16:24 Mazi Issue Monitored: Mazi
2019-03-13 12:02 jelo Note Added: 50945
2019-03-13 12:16 DenisChenu Note Added: 50947
2019-03-14 11:16 cdorin Note Added: 50976
2019-08-27 10:45 DenisChenu Relationship added related to 15190
2019-08-27 10:48 c_schmitz Relationship replaced duplicate of 15190
2019-08-27 10:49 c_schmitz Relationship deleted 15190
2019-08-27 11:03 c_schmitz Assigned To => c_schmitz
2019-08-27 11:03 c_schmitz Status new => closed
2019-08-27 11:03 c_schmitz Resolution open => no change required
2019-08-27 11:03 c_schmitz Note Added: 53281
2019-08-27 11:03 c_schmitz Relationship added related to 15190