View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 4
IDProjectCategoryView StatusDate SubmittedLast Update
19926Bug reportsUser / Groups / Rolespublic2025-01-09 10:532025-01-09 16:57
ReporterOrbit_LL Assigned ToDenisChenu  
PrioritynoneSeverityminor 
Status resolvedResolutionno change required 
Product Version6.6.x 
Summary19926: All users blocked from login when one user has multiple failed login attempts.
Description

We had a user attempt multiple failed logins. The user was blocked for 10 minutes from logging in, but so were all other users.

Steps To Reproduce

Steps to reproduce

1.) Create multiple users.
2.) Fail at logging in with one user multiple times until blocked for 10 minutes.
3.) Attempt login with different user.

Expected result

Login with different user successful.

Actual result

Login with all other users not possible (blocked due to multiple login attempts).

TagsNo tags attached.
Bug heat4
Complete LimeSurvey version number (& build)6.10.0+250106
I will donate to the project if issue is resolvedNo
Browser
Database type & version8.1.31
Server OS (if known)
Webserver software & version (if known)
PHP Version 8.1.31

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2025-01-09 12:20

developer   ~81798

You can set IP in allowed list (never blocked) : https://www.limesurvey.org/manual/Global_settings/en#Security

2 solutions for a better system

  1. Allow to block IP : current
  2. Allow to block username and not IP : good solution for multiple proxy attack
  3. Allow to block username+IP

But same : must choose in security. Your choice can be 2, mine 0+1
tibor.pacalat

tibor.pacalat

2025-01-09 16:57

administrator   ~81799

@Orbit_LL This is a feature. We only block by IP address. So if all users come from same IP, they are all blocked. You can modify this behaviour in Global Settings -> IP allowlist.

Issue History

Date Modified Username Field Change
2025-01-09 10:53 Orbit_LL New Issue
2025-01-09 12:20 DenisChenu Note Added: 81798
2025-01-09 12:20 DenisChenu Bug heat 0 => 2
2025-01-09 12:20 DenisChenu Assigned To => DenisChenu
2025-01-09 12:20 DenisChenu Status new => resolved
2025-01-09 12:20 DenisChenu Resolution open => no change required
2025-01-09 16:57 tibor.pacalat Note Added: 81799
2025-01-09 16:57 tibor.pacalat Bug heat 2 => 4