View Issue Details

ID: 20366
Project: Bug reports
Category: Security
View Status: public
Last Update: 2025-12-17 17:58
Reporter: kemweb
Assigned To: tibor.pacalat
Priority: none
Severity: tweak
Status: in code review
Resolution: open
Summary: 20366: TwoFactorAdminLogin secret should have 128 bits
Description

Common tools like FreeOTP consider less than 128 bits as unsafe.
The user gets a "Token is unsafe!" message.
See https://github.com/freeotp/freeotp-android/issues/287#issuecomment-3270329291

Tags: No tags attached.
Bug heat: 252
Complete LimeSurvey version number (& build): .


Activities

DenisChenu

2025-12-03 10:10

developer   ~83980

https://github.com/LimeSurvey/LimeSurvey/pull/4559

DenisChenu

2025-12-17 17:58

developer   ~84033

Decision needed

  1. Set 128 (or more) without any way to update
  2. Add a PHP config setting to allow setting to more than 128
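
Added example (not part of the issue thread, and not code from LimeSurvey, the TwoFactorAdminLogin plugin or the pull request): the Python below measures the key length of the base32 secret in an otpauth:// URI against the 128-bit threshold from the description, and generates secrets with a configurable length that cannot go below it. The function names, the 160-bit default (the length RFC 4226 recommends) and the sample URIs are assumptions made for the example.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlparse

MIN_BITS = 128  # threshold from the issue: FreeOTP flags shorter secrets as unsafe


def decode_secret(b32: str) -> bytes:
    """Decode a base32 TOTP secret, tolerating lowercase, spaces and missing '='."""
    cleaned = b32.replace(" ", "").replace("-", "").upper().rstrip("=")
    padded = cleaned + "=" * (-len(cleaned) % 8)
    return base64.b32decode(padded)


def secret_bits(otpauth_uri: str) -> int:
    """Return the key length in bits of the secret carried by an otpauth:// URI."""
    parsed = urlparse(otpauth_uri)
    if parsed.scheme != "otpauth":
        raise ValueError("not an otpauth URI")
    values = parse_qs(parsed.query).get("secret")
    if not values:
        raise ValueError("URI has no secret parameter")
    return 8 * len(decode_secret(values[0]))


def is_weak(otpauth_uri: str) -> bool:
    """True when an authenticator applying the 128-bit rule would warn."""
    return secret_bits(otpauth_uri) < MIN_BITS


def new_secret(bits: int = 160) -> str:
    """Generate an unpadded base32 secret from the OS CSPRNG (assumed default: 160 bits)."""
    if bits < MIN_BITS or bits % 8:
        raise ValueError(f"bits must be a multiple of 8 and >= {MIN_BITS}")
    return base64.b32encode(secrets.token_bytes(bits // 8)).decode().rstrip("=")


# Constructed sample URIs (hypothetical issuer and account, not real credentials).
SAMPLE_80 = "otpauth://totp/Survey:admin?secret=JBSWY3DPEHPK3PXP&issuer=Survey"
SAMPLE_160 = "otpauth://totp/Survey:admin?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Survey"

if __name__ == "__main__":
    for uri in (SAMPLE_80, SAMPLE_160):
        print(secret_bits(uri), "bits", "WEAK" if is_weak(uri) else "ok")
    print("fresh 128-bit secret:", new_secret(128))
```

The `bits` parameter mirrors the second option in the note above: the length is configurable upward, while the 128-bit floor cannot be lowered.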

Issue History

Date Modified Username Field Change
2025-11-21 12:28 kemweb New Issue
2025-11-21 18:00 c_schmitz Project Feature requests => Bug reports
2025-11-21 18:00 c_schmitz Severity feature => tweak
2025-11-21 18:00 c_schmitz Complete LimeSurvey version number (& build) => .
2025-12-02 19:14 tibor.pacalat Assigned To => DenisChenu
2025-12-02 19:14 tibor.pacalat Status new => ready for code review
2025-12-03 10:10 DenisChenu Status ready for code review => in code review
2025-12-03 10:10 DenisChenu Note Added: 83980
2025-12-03 10:10 DenisChenu Bug heat 250 => 252
2025-12-17 17:57 DenisChenu Assigned To DenisChenu => tibor.pacalat
2025-12-17 17:58 DenisChenu Note Added: 84033