ID: 09606
Project: Feature requests
Category: Security
View Status: public
Last Update: 2023-02-08 16:34
Reporter: Vitelinside
Assigned To: ollehar
Priority: high
Severity: feature
Status: closed
Resolution: no change required
Summary: 09606: Removing the display of passwords in bounce email
Description

IT Security problems with password display

When using Limesurvey, a user can choose not to finish the survey and to « resume later ». When clicking on the « resume later » button, the user is asked to type in a login, password and email address. He then receives an email in which his login and password are written; the password is therefore visible, readable and clearly displayed.
However, when the user mistypes his email address, an email is sent to the « bounce email », and this can be an administrator from IT services but it can also be just anyone creating the survey. The problem is that the original email (with login and password) is enclosed in this « Undelivered Mail Returned to Sender » email.
When looking at the login and password, it is very easy to infer from the complexity of the password whether it is one used professionally or not.
Therefore this is a major flaw in IT security for users of Limesurvey, as potentially anyone can have the email address and professional password of Limesurvey users.
Could this be changed by removing the display of passwords and replacing it with only a complex URL?

Tags: No tags attached.
Bug heat: 256
Story point estimate: 5
Users affected %: 80

Users monitoring this issue: Vitelinside

Activities

DenisChenu (developer), 2015-04-17 15:38, note ~32017

I think we must add a beforeEmail for all emails sent by LimeSurvey:

https://manual.limesurvey.org/BeforeTokenEmail

Then this can be done in a plugin (and the save must be moved into the plugin too ...).

ollehar (administrator), 2023-02-08 16:30, note ~73750

You want to use a hash in the url instead? So that real passwords are never visible?

ollehar (administrator), 2023-02-08 16:32, note ~73751

This is actually already fixed.

DenisChenu (developer), 2023-02-08 16:34, note ~73752

> You want to use a hash in the url instead? So that real passwords are never visible?

? No ...

Something like:

You saved your survey with the name: {name} and the password you chose.
To load it, click here: survey/loadall/name/{name}

And the user must enter manually the password he chose.
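As an added illustration of the change Denis describes (not LimeSurvey's own code, which is PHP; this is a Python sketch), the saved-response email carries only the chosen name and the load URL, the password is stored as a salted hash and typed by the respondent at load time, so a bounced copy of the mail exposes nothing beyond the name. The in-memory store, the base URL and the PBKDF2 parameters are assumptions; the survey/loadall/name/{name} route is taken from the note above.

```python
import hashlib
import hmac
import os
from urllib.parse import quote

# Constructed in-memory stand-in for the table holding saved, unfinished
# survey responses, keyed by the name the respondent chose (assumption).
SAVED_RESPONSES = {}

PBKDF2_ROUNDS = 200_000  # assumed work factor


def save_response(name: str, password: str, email: str) -> None:
    """Keep only a salted PBKDF2 hash of the respondent's chosen password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    SAVED_RESPONSES[name] = {"salt": salt, "hash": digest, "email": email}


def verify_password(name: str, password: str) -> bool:
    """Check the password typed in at load time; constant-time comparison."""
    rec = SAVED_RESPONSES.get(name)
    if rec is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, rec["hash"])


def resume_email_before(name: str, password: str, base_url: str) -> str:
    """The pattern the report objects to: cleartext password in the mail body.
    A bounce enclosing this message hands the password to the bounce address."""
    return (f"Your survey was saved under the name {name} with the password {password}.\n"
            f"To load it, click here: {base_url}/survey/loadall/name/{quote(name, safe='')}\n")


def resume_email_after(name: str, base_url: str) -> str:
    """Hardened body: name and load URL only; the password is never mailed."""
    return (f"You saved your survey with the name: {name} and the password you chose.\n"
            f"To load it, click here: {base_url}/survey/loadall/name/{quote(name, safe='')}\n"
            "You will be asked to enter that password.\n")


def email_leaks_password(body: str, password: str) -> bool:
    """Send-time guard: refuse any outgoing body that still contains the password."""
    return password in body
```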

Issue History

Date Modified Username Field Change
2015-04-16 13:52 Vitelinside New Issue
2015-04-16 15:54 Vitelinside Issue Monitored: Vitelinside
2015-04-17 15:38 DenisChenu Note Added: 32017
2023-02-08 16:27 ollehar Story point estimate => 5
2023-02-08 16:27 ollehar Users affected % => 80
2023-02-08 16:29 ollehar Priority normal => high
2023-02-08 16:30 ollehar Note Added: 73750
2023-02-08 16:30 ollehar Bug heat 254 => 256
2023-02-08 16:32 ollehar Assigned To => ollehar
2023-02-08 16:32 ollehar Status new => closed
2023-02-08 16:32 ollehar Resolution open => no change required
2023-02-08 16:32 ollehar Note Added: 73751
2023-02-08 16:34 DenisChenu Note Added: 73752