Back to limesurvey.org

Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

..

  • maestro1315
  • maestro1315's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
10 months 2 weeks ago - 10 months 2 weeks ago #254161 by maestro1315
... was created by maestro1315
...
Last edit: 10 months 2 weeks ago by maestro1315.

Please Log in to join the conversation.

  • holch
  • holch's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
10 months 2 weeks ago #254173 by holch
Replied by holch on topic Security - Token IDs are being found by external bad actors.
What do you mean with "When scanned?"
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.

Please Log in to join the conversation.

  • maestro1315
  • maestro1315's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
10 months 2 weeks ago - 10 months 2 weeks ago #254174 by maestro1315
Replied by maestro1315 on topic ..
...
Last edit: 10 months 2 weeks ago by maestro1315.

Please Log in to join the conversation.

  • holch
  • holch's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
10 months 2 weeks ago #254175 by holch
Replied by holch on topic Security - Token IDs are being found by external bad actors.
So I assume we are talking about a brute force attack here? And yes, as they URL of Limesurvey surveys are "predictable", I wouldn't be surprised when if after a huge amount of tries, a bot will guess the survey id and maybe also a token within the survey URL. Or am I understanding you wrong? If you feel, this is a security vulnerability, I highly recommend to not post this on the public accessible forum, but rather create a private bug report with as many information as possible on how to reproduce.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.

Please Log in to join the conversation.

  • holch
  • holch's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
10 months 2 weeks ago #254176 by holch
Replied by holch on topic Security - Token IDs are being found by external bad actors.
Your link by the way just gives me a strange error message. Too much security on that blog going on, I guess.
Code:
The requested URL was rejected. Please consult with your administrator.
 
Your support ID is: 1162400028088369xxxx
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.

Please Log in to join the conversation.

Moderators: holchtpartner

Lime-years ahead

Online-surveys for every purse and purpose

Pricing & Plans
Get started

Legal

About Us

Open Source