View Issue Details

ID: 15191
Project: Bug reports
Category: [All Projects] Authentication
View Status: public
Last Update: 2019-08-27 11:08
Reporter: c_schmitz
Assigned To: c_schmitz
Priority: high
Severity: major
Status: closed
Resolution: fixed
Product Version: 3.17.x
Target Version:
Fixed in Version: 4.0.0-RC2
Summary: 15191: No password policy
Description

The application implements no password policy; an admin can change his/her password to any string, even one character long (empty passwords are not allowed). We recommend implementing a reasonably strong password policy to mitigate password guessing.

Consider implementing a reasonably strong password policy.

Additional Information

This is security-wise a real nightmare.
IMHO password policy should be a core feature.

Tags: No tags attached.
Complete LimeSurvey version number (& build): 3.17.13

Activities

DenisChenu

2019-08-27 10:43

developer   ~53279

Already in develop: https://github.com/LimeSurvey/LimeSurvey/commit/b8d7499e05977abffe8811b88588c56f8c74b46c#diff-7709d54e02f4c2df167e23c27000434f

And if there is a password policy, we must accept an empty password for LDAP or webserver users. Empty password => no AuthDB accepted.

c_schmitz

2019-08-27 11:08

administrator   ~53283

See https://github.com/LimeSurvey/LimeSurvey/commit/b8d7499e05977abffe8811b88588c56f8c74b46c
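
The constraint discussed in the notes above, sketched as an added example (this is not LimeSurvey's code and is not taken from the linked commit): a policy check that rejects short passwords for database accounts, yet accepts an empty password for LDAP or webserver users by storing no credential at all, so database login stays impossible for them. The function names, the `$authType` labels and the policy thresholds are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical thresholds; the issue does not specify any.
const POLICY = ['minLength' => 12, 'minClasses' => 3];

/**
 * Returns ['ok' => bool, 'hash' => ?string, 'errors' => string[]].
 * $authType is a hypothetical label: 'db', 'ldap' or 'webserver'.
 */
function evaluateNewPassword(string $password, string $authType, array $policy = POLICY): array
{
    if ($password === '') {
        // Empty is accepted only for externally authenticated accounts and is
        // stored as "no credential" (null), never as a hash of the empty string.
        return $authType === 'db'
            ? ['ok' => false, 'hash' => null, 'errors' => ['empty password not allowed for database accounts']]
            : ['ok' => true, 'hash' => null, 'errors' => []];
    }
    $errors = [];
    if (mb_strlen($password, 'UTF-8') < $policy['minLength']) {
        $errors[] = "shorter than {$policy['minLength']} characters";
    }
    $classes = 0; // lower case, upper case, digits, everything else
    foreach (['/\p{Ll}/u', '/\p{Lu}/u', '/\p{N}/u', '/[^\p{L}\p{N}]/u'] as $re) {
        $classes += (int) preg_match($re, $password);
    }
    if ($classes < $policy['minClasses']) {
        $errors[] = "fewer than {$policy['minClasses']} character classes";
    }
    return $errors
        ? ['ok' => false, 'hash' => null, 'errors' => $errors]
        : ['ok' => true, 'hash' => password_hash($password, PASSWORD_DEFAULT), 'errors' => []];
}

/** Database login: an account without a stored hash can never log in this way. */
function verifyDbLogin(string $submitted, ?string $storedHash): bool
{
    return $storedHash !== null && $submitted !== '' && password_verify($submitted, $storedHash);
}

// Constructed sample inputs: too short, empty for db, empty for ldap, compliant.
foreach ([['a', 'db'], ['', 'db'], ['', 'ldap'], ['Correct-Horse-42-Battery', 'db']] as [$pw, $type]) {
    $r = evaluateNewPassword($pw, $type);
    printf("%-5s %-27s accepted=%-5s dbLogin=%s\n", $type, var_export($pw, true),
        var_export($r['ok'], true), var_export(verifyDbLogin($pw, $r['hash']), true));
}
```

The point to check in any real implementation is the third sample row: the empty password is accepted for the LDAP account, but `verifyDbLogin` still returns false because nothing was hashed or stored.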

Issue History

Date Modified Username Field Change
2019-08-26 20:42 c_schmitz New Issue
2019-08-26 20:42 c_schmitz Project Feature requests => Bug reports
2019-08-26 20:43 c_schmitz Priority none => high
2019-08-26 20:43 c_schmitz Severity feature => major
2019-08-26 20:43 c_schmitz Additional Information Updated
2019-08-26 20:44 c_schmitz Complete LimeSurvey version number (& build) => 3.17.13
2019-08-26 20:47 c_schmitz Product Version => 3.17.x
2019-08-27 10:43 DenisChenu Note Added: 53279
2019-08-27 11:08 c_schmitz Assigned To => c_schmitz
2019-08-27 11:08 c_schmitz Status new => resolved
2019-08-27 11:08 c_schmitz Resolution open => fixed
2019-08-27 11:08 c_schmitz Fixed in Version => 4.0.0-RC2
2019-08-27 11:08 c_schmitz Note Added: 53283
2019-08-27 11:08 c_schmitz Status resolved => closed