View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|15655||Bug reports||Security||public||2019-12-12 19:57||2019-12-16 10:32|
|Summary||15655: Special characters break passwords|
When trying to use a password with < in it, the string breaks at that character. For example if I have a password "C<SGBUxaCWt" set for the bounce user it will try to authenticate to the imap server with just "C" as the password.
|Steps To Reproduce|
Enter a password for the bounce user with < in it and read the password back out.
|Tags||No tags attached.|
|Complete LimeSurvey version number (& build)||Version 3.21.1+191210|
|I will donate to the project if issue is resolved||No|
|Database & DB-Version||mysqlnd 5.0.12-dev - 20150407|
|Server OS (if known)||Ubuntu 18.04.2 LTS|
|Webserver software & version (if known)||Apache/2.4.29 (Ubuntu)|
Cannot reproduce with admin user. Changed my admin password to "asd<asd", logout, login, works. More details?
Thanks for the quick response. I did not try it with a user login, I tried and experienced the bug specifically when setting the password for the bounce email account.
@kclingerman Can you give me a screenshot of the form you used to set the password, please?
Looks like it's by design to strip tags. @c_schmitz, do you remember the reasoning behind this? Been there forever.
Need to inform the user about this security measure, or change it, e.g. escape tags instead of stripping them.
|2019-12-12 19:57||kclingerman||New Issue|
|2019-12-13 10:33||cdorin||Assigned To||=> cdorin|
|2019-12-13 10:33||cdorin||Status||new => assigned|
|2019-12-13 14:19||ollehar||Assigned To||cdorin => ollehar|
|2019-12-13 14:30||ollehar||Status||assigned => feedback|
|2019-12-13 14:30||ollehar||Note Added: 55024|
|2019-12-13 14:31||ollehar||Note Edited: 55024||View Revisions|
|2019-12-13 14:33||kclingerman||Note Added: 55025|
|2019-12-13 14:33||kclingerman||Status||feedback => assigned|
|2019-12-13 14:36||ollehar||Note Added: 55026|
|2019-12-13 16:34||ollehar||Note Added: 55030|
|2019-12-13 16:34||ollehar||Status||assigned => feedback|
|2019-12-13 16:53||ollehar||Note Added: 55031|
|2019-12-13 16:54||ollehar||Note Added: 55032|
|2019-12-16 10:32||c_schmitz||Assigned To||ollehar => c_schmitz|