View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 4
IDProjectCategoryView StatusDate SubmittedLast Update
19847Bug reportsAuthenticationpublic2024-11-21 17:392025-02-17 17:57
Reportera.berner@instant.at Assigned Totibor.pacalat  
PrioritynoneSeveritypartial_block 
Status closedResolutionfixed 
Product Version6.6.x 
Summary19847: 2FA renewing not working
Description

if you renew your 2FA key an additional key gets stored and the original one is not deleted from the table. The causes the only one of the keys is working randomly as it depends on which entry of the database is delivered first.

It seems that only a new key gets stored and the old ones get not deleted here: https://github.com/LimeSurvey/LimeSurvey/blob/master/application/core/plugins/TwoFactorAdminLogin/TwoFactorAdminLogin.php#L354

Steps To Reproduce

Steps to reproduce

  • generate a new 2FA key
  • log out
  • log in with this key
  • renew the 2FA key (without deleting it first)
  • log out
  • login in with the new key

Expected result

login should only work with the new key

Actual result

login will not work with the new key but with the old key

TagsNo tags attached.
Bug heat4
Complete LimeSurvey version number (& build)6.6.8+241104
I will donate to the project if issue is resolvedNo
Browser
Database type & versionMysql
Server OS (if known)
Webserver software & version (if known)
PHP Version8.1

Users monitoring this issue

There are no users monitoring this issue.

Activities

gabrieljenik

gabrieljenik

2025-02-10 13:38

manager   ~81990

https://github.com/LimeSurvey/LimeSurvey/pull/4161
LimeBot

LimeBot

2025-02-17 17:57

administrator   ~82046

Fixed in Release 6.10.5+250217

Issue History

Date Modified Username Field Change
2024-11-21 17:39 a.berner@instant.at New Issue
2025-02-03 12:24 tibor.pacalat Assigned To => gabrieljenik
2025-02-03 12:24 tibor.pacalat Status new => assigned
2025-02-10 13:38 gabrieljenik Assigned To gabrieljenik => DenisChenu
2025-02-10 13:38 gabrieljenik Status assigned => ready for code review
2025-02-10 13:38 gabrieljenik Note Added: 81990
2025-02-10 13:38 gabrieljenik Bug heat 0 => 2
2025-02-10 15:43 DenisChenu Assigned To DenisChenu => tibor.pacalat
2025-02-10 15:43 DenisChenu Status ready for code review => ready for testing
2025-02-12 16:04 tibor.pacalat Status ready for testing => resolved
2025-02-12 16:04 tibor.pacalat Resolution open => fixed
2025-02-17 17:57 LimeBot Note Added: 82046
2025-02-17 17:57 LimeBot Status resolved => closed
2025-02-17 17:57 LimeBot Bug heat 2 => 4