View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 18528 | Feature requests | Authentication | public | 2022-11-30 10:51 | 2022-12-05 11:49 |
| Reporter | LDBV | Assigned To | ollehar | ||
| Priority | none | Severity | feature | ||
| Status | feedback | Resolution | open | ||
| Summary | 18528: No minimum Password quality in LimeSurvey 3.28 | ||||
| Description | We made a Penetration-Test with our own LimeSurvey V3.28.32 Server. The result was, that even the Admin password can be changed to a simple "A". For security reasons It should at least be possible in LimeSurvey 3.28 to enforce minimum password quality (f.e. minimum length = 8, need for special characters, upper, lower, numeric,...). Thanks. | ||||
| Additional Information | There is a (never solved) ticket from 2014 (08524) to this problem. | ||||
| Tags | password, security | ||||
| Bug heat | 2 | ||||
| Story point estimate | |||||
| Users affected % | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-11-30 10:51 | LDBV | New Issue | |
| 2022-11-30 11:00 | LDBV | Tag Attached: security | |
| 2022-11-30 11:00 | LDBV | Tag Attached: password | |
| 2022-12-05 11:49 | ollehar | Note Added: 73000 | |
| 2022-12-05 11:49 | ollehar | Bug heat | 0 => 2 |
| 2022-12-05 11:49 | ollehar | Assigned To | => ollehar |
| 2022-12-05 11:49 | ollehar | Status | new => feedback |
