Welcome, Guest
Username: Password: Remember me

TOPIC: Security

Security 3 years 1 month ago #57227

  • Catze
  • Catze's Avatar
  • OFFLINE
  • Fresh Lemon
  • Posts: 3
  • Karma: 0
An IT-technician/admin pointed to me that the passwords of an account in plain text and clearly with password and user name are sent to the user. Is it possible to fix it?

Crawlers scan all mails just for these terms. Especially for companies a high security risk - that's irresponsible.

what can i do?
The administrator has disabled public write access.

Re: Security 3 years 1 month ago #57229

  • lowprofile
  • lowprofile's Avatar
  • OFFLINE
  • Junior Lime
  • Posts: 22
  • Thank you received: 1
  • Karma: 0
maybe instead of sending a password on account creation limesurvey could send a token, which when clicked by the receiver prompts them to setup a password ?
The administrator has disabled public write access.

Re: Security 3 years 1 month ago #57247

  • DenisChenu
  • DenisChenu's Avatar
  • NOW ONLINE
  • Moderator Lime
  • Posts: 5845
  • Thank you received: 715
  • Karma: 222
Please, fill a bug report.

And yes , i'm agree it's a security hole, but it's need time to be reworked.
The administrator has disabled public write access.

Re: Security 3 years 1 month ago #57278

  • Mazi
  • Mazi's Avatar
  • OFFLINE
  • LimeSurvey Team
  • Posts: 5279
  • Thank you received: 289
  • Karma: 246
No cross posting please: www.limesurvey.org/en/forum/german-forum...ema-sicherheit#57273

translation of my solution psted at the link above:
1. Create a user with a fake email address. The password will be set automatically
2. Afterwards edit this user and assign him/her a manually created password.
3. Tell him/her about the username/password combination or send two separate emails
4. Afterwards you might want to change the email address to the correct one.

Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)limesurvey.org'"
The administrator has disabled public write access.

Re: Security 3 years 1 month ago #57351

  • Mazi
  • Mazi's Avatar
  • OFFLINE
  • LimeSurvey Team
  • Posts: 5279
  • Thank you received: 289
  • Karma: 246
We always honor user feedback so there will be two new settings at the upcoming 1.91 version for displaying passwords. See limesurvey.svn.sourceforge.net/viewvc/li...vision&revision=9810

Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)limesurvey.org'"
The administrator has disabled public write access.
Moderators: ITEd
Time to create page: 0.106 seconds
Donation Image