View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 0
IDProjectCategoryView StatusDate SubmittedLast Update
19847Bug reportsAuthenticationpublic2024-11-21 17:392024-11-21 17:39
Reportera.berner@instant.at Assigned To 
PrioritynoneSeveritypartial_block 
Status newResolutionopen 
Product Version6.6.x 
Summary19847: 2FA renewing not working
Description

if you renew your 2FA key an additional key gets stored and the original one is not deleted from the table. The causes the only one of the keys is working randomly as it depends on which entry of the database is delivered first.

It seems that only a new key gets stored and the old ones get not deleted here: https://github.com/LimeSurvey/LimeSurvey/blob/master/application/core/plugins/TwoFactorAdminLogin/TwoFactorAdminLogin.php#L354

Steps To Reproduce

Steps to reproduce

  • generate a new 2FA key
  • log out
  • log in with this key
  • renew the 2FA key (without deleting it first)
  • log out
  • login in with the new key

Expected result

login should only work with the new key

Actual result

login will not work with the new key but with the old key

TagsNo tags attached.
Bug heat0
Complete LimeSurvey version number (& build)6.6.8+241104
I will donate to the project if issue is resolvedNo
Browser
Database type & versionMysql
Server OS (if known)
Webserver software & version (if known)
PHP Version8.1

Users monitoring this issue

There are no users monitoring this issue.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2024-11-21 17:39 a.berner@instant.at New Issue