View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
15191 | Bug reports | Authentication | public | 2019-08-26 20:42 | 2019-08-27 11:08 |
Reporter | c_schmitz | Assigned To | c_schmitz | ||
Priority | high | Severity | partial_block | ||
Status | closed | Resolution | fixed | ||
Product Version | 3.17.x | ||||
Fixed in Version | 4.0.0-RC2 | ||||
Summary | 15191: No password policy | ||||
Description | The application implements no password policy, admin can change his/her password to any string, even one-character long (empty passwords are not allowed). We recommend implementing reasonably strong password policy to mitigate password guessing. Consider implementing reasonably strong password policy. | ||||
Additional Information | This is security-wise a real nightmare. | ||||
Tags | No tags attached. | ||||
Bug heat | 4 | ||||
Complete LimeSurvey version number (& build) | 3.17.13 | ||||
I will donate to the project if issue is resolved | |||||
Browser | |||||
Database type & version | |||||
Server OS (if known) | |||||
Webserver software & version (if known) | |||||
PHP Version | |||||
Already in develop : https://github.com/LimeSurvey/LimeSurvey/commit/b8d7499e05977abffe8811b88588c56f8c74b46c#diff-7709d54e02f4c2df167e23c27000434f And if there are password policy : we must accept empty password : for LDAP or webserver user. empty password => No AuthDB accepted |
|
See https://github.com/LimeSurvey/LimeSurvey/commit/b8d7499e05977abffe8811b88588c56f8c74b46c |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2019-08-26 20:42 | c_schmitz | New Issue | |
2019-08-26 20:42 | c_schmitz | Project | Feature requests => Bug reports |
2019-08-26 20:43 | c_schmitz | Priority | none => high |
2019-08-26 20:43 | c_schmitz | Severity | feature => partial_block |
2019-08-26 20:43 | c_schmitz | Additional Information Updated | |
2019-08-26 20:44 | c_schmitz | Complete LimeSurvey version number (& build) | => 3.17.13 |
2019-08-26 20:47 | c_schmitz | Product Version | => 3.17.x |
2019-08-27 10:43 | DenisChenu | Note Added: 53279 | |
2019-08-27 11:08 | c_schmitz | Assigned To | => c_schmitz |
2019-08-27 11:08 | c_schmitz | Status | new => resolved |
2019-08-27 11:08 | c_schmitz | Resolution | open => fixed |
2019-08-27 11:08 | c_schmitz | Fixed in Version | => 4.0.0-RC2 |
2019-08-27 11:08 | c_schmitz | Note Added: 53283 | |
2019-08-27 11:08 | c_schmitz | Status | resolved => closed |