20366: TwoFactorAdminLogin secret should have 128 bits - LimeSurvey bugs and feature requests

This issue affects 1 person(s).

250

ID	Project	Category	View Status	Date Submitted	Last Update

20366	Bug reports	Security	public	2025-11-21 12:28	2025-11-21 18:00

Reporter	kemweb	Assigned To
Priority	none	Severity	tweak
Status	new	Resolution	open

Summary	20366: TwoFactorAdminLogin secret should have 128 bits
Description	Common tools like FreeOTP consider less than 128 bits as unsafe. The user gets an "Token is unsafe!" message See https://github.com/freeotp/freeotp-android/issues/287#issuecomment-3270329291
Tags	No tags attached.

Bug heat	250
Complete LimeSurvey version number (& build)	.
I will donate to the project if issue is resolved
Browser
Database type & version
Server OS (if known)
Webserver software & version (if known)
PHP Version

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2025-11-21 12:28	kemweb	New Issue
2025-11-21 18:00	c_schmitz	Project	Feature requests => Bug reports
2025-11-21 18:00	c_schmitz	Severity	feature => tweak
2025-11-21 18:00	c_schmitz	Complete LimeSurvey version number (& build)	=> .