- Status Closed
-
Assigned To
cbay - Private
Opened by waloodi_109 - 05.04.2025
Last edited by cbay - 05.04.2025
FS#150 - 2FA is not Initiating on User Account
#2FA is not Initiating on User Account
Hello Team, I hope you are doing well. While Researching in your domain I found 2Fa is not Initiating on User Account in your domain.
Steps to Reproduce:
1: Create a account in admin.alwaysdata.com.
2. Initiate 2fa on your account.
3. Go to Permission Section Add a Email in email Section and Check the 2fa Required box and make some Global Permission you want to proceed and then submit.
4. User receive Profile Initialization in your email, User can fill the form and then submit the form, he/she directly login on o your account without any 2fa Initialization in which administrator can check the 2fa required box.
Impact:
Administrator can imagine he/she initiate 2fa requirement on user account but 2fa is enabled on user account. User can easily access their account and admin permission without 2fa prompting.
Thank You,
Waleed Anwar
Loading...
Available keyboard shortcuts
- Alt + ⇧ Shift + l Login Dialog / Logout
- Alt + ⇧ Shift + a Add new task
- Alt + ⇧ Shift + m My searches
- Alt + ⇧ Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + ⇧ Shift + e ↵ Enter Edit this task
- Alt + ⇧ Shift + w watch task
- Alt + ⇧ Shift + y Close Task
Task Editing
- Alt + ⇧ Shift + s save task
but 2fa is not enabled, sorry for typing mistake
Hello,
The "2FA required" checkbox means that the permission is only available if the user is logged in using 2FA.
They can still log in without 2FA, but then they won't have that permission.
Kind regards,
Cyril
ok thanks for clarification