View Issue Details

Jump to NotesJump to History
This issue affects 1 person(s).
 4
IDProjectCategoryView StatusDate SubmittedLast Update
15191Bug reportsAuthenticationpublic2019-08-26 20:422019-08-27 11:08
Reporterc_schmitz Assigned Toc_schmitz  
PriorityhighSeveritypartial_block 
Status closedResolutionfixed 
Product Version3.17.x 
Fixed in Version4.0.0-RC2 
Summary15191: No password policy
Description

The application implements no password policy, admin can change his/her password to any string, even one-character long (empty passwords are not allowed). We recommend implementing reasonably strong password policy to mitigate password guessing.

Consider implementing reasonably strong password policy.

Additional Information

This is security-wise a real nightmare.
IMHO password policy should be a core feature.

TagsNo tags attached.
Bug heat4
Complete LimeSurvey version number (& build)3.17.13
I will donate to the project if issue is resolved
Browser
Database type & version
Server OS (if known)
Webserver software & version (if known)
PHP Version

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2019-08-27 10:43

developer   ~53279

Already in develop : https://github.com/LimeSurvey/LimeSurvey/commit/b8d7499e05977abffe8811b88588c56f8c74b46c#diff-7709d54e02f4c2df167e23c27000434f

And if there are password policy : we must accept empty password : for LDAP or webserver user. empty password => No AuthDB accepted
c_schmitz

c_schmitz

2019-08-27 11:08

administrator   ~53283

See https://github.com/LimeSurvey/LimeSurvey/commit/b8d7499e05977abffe8811b88588c56f8c74b46c

Issue History

Date Modified Username Field Change
2019-08-26 20:42 c_schmitz New Issue
2019-08-26 20:42 c_schmitz Project Feature requests => Bug reports
2019-08-26 20:43 c_schmitz Priority none => high
2019-08-26 20:43 c_schmitz Severity feature => partial_block
2019-08-26 20:43 c_schmitz Additional Information Updated
2019-08-26 20:44 c_schmitz Complete LimeSurvey version number (& build) => 3.17.13
2019-08-26 20:47 c_schmitz Product Version => 3.17.x
2019-08-27 10:43 DenisChenu Note Added: 53279
2019-08-27 11:08 c_schmitz Assigned To => c_schmitz
2019-08-27 11:08 c_schmitz Status new => resolved
2019-08-27 11:08 c_schmitz Resolution open => fixed
2019-08-27 11:08 c_schmitz Fixed in Version => 4.0.0-RC2
2019-08-27 11:08 c_schmitz Note Added: 53283
2019-08-27 11:08 c_schmitz Status resolved => closed