Welcome to the LimeSurvey Community Forum
- maestro1315
- Topic Author
- holch
- LimeSurvey Community Team
3 months 2 weeks ago #254173
by holch
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic Security - Token IDs are being found by external bad actors.
What do you mean by "When scanned?"
3 months 2 weeks ago #254175
by holch
Replied by holch on topic Security - Token IDs are being found by external bad actors.
So I assume we are talking about a brute force attack here? And yes, as the URLs of LimeSurvey surveys are "predictable", I wouldn't be surprised if, after a huge number of tries, a bot guesses the survey id and maybe also a token within the survey URL. Or am I understanding you wrong? If you feel this is a security vulnerability, I highly recommend not posting this on the publicly accessible forum, but rather creating a private bug report with as much information as possible on how to reproduce.
3 months 2 weeks ago #254176
by holch
Replied by holch on topic Security - Token IDs are being found by external bad actors.
Your link by the way just gives me a strange error message. Too much security on that blog going on, I guess.
Code:
The requested URL was rejected. Please consult with your administrator. Your support ID is: 1162400028088369xxxx