Anonymous - 2016-09-15

Hi there,

I've recently enabled two-factor authentication one-time password functionality for my Webmin instance using the Google Authenticator method. After some initial trouble with the Perl dependencies, I was able to move past it and implement it. However, and I'm not sure if this is related to the original Perl dependency issues, the OTP I use always works, but so does every other 6-digit string of numbers. I can put in my normal credentials and use 123456 for the OTP and it will still log me in, even though it's clearly not the right number.

It seems as if there is no validation going on for the number. Has anyone else experienced this? Any suggestions? I followed the documentation found at http://doxfer.webmin.com/Webmin/Enhanced_Authentication and I still can't quite figure out why this is accepting any 6-digit string of numbers.

Any ideas or suggestions? Thank you in advance.

-- Dustin
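
For reference, this is what checking a Google Authenticator code (TOTP, RFC 6238) involves and why an arbitrary value such as 123456 must be rejected. It is an added example, not part of the original post and not Webmin's code; the function names are hypothetical, and the secret and timestamp are the published RFC 6238 test values.

```python
import base64
import hashlib
import hmac
import struct
import time

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `at`."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret_b32, submitted, at=None, window=1, step=30, digits=6):
    """True only if `submitted` matches the current step or +/- `window` steps."""
    at = time.time() if at is None else at
    # Reject anything that is not exactly `digits` ASCII digits.
    if not (isinstance(submitted, str) and len(submitted) == digits
            and submitted.isascii() and submitted.isdigit()):
        return False
    ok = False
    for drift in range(-window, window + 1):
        t = at + drift * step
        if t < 0:
            continue
        # Constant-time comparison, no early exit on a match.
        ok |= hmac.compare_digest(totp(secret_b32, t, step, digits), submitted)
    return ok

# Constructed sample input: the RFC 6238 test secret, base32-encoded the way
# authenticator apps store it, and the RFC's first test timestamp.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()
SAMPLE_TIME = 59

if __name__ == "__main__":
    for code in ("287082", "123456"):
        print(code, verify_totp(SAMPLE_SECRET, code, at=SAMPLE_TIME))
```

A verifier that returns success for every 6-digit input is not performing the comparison step at all, so the second factor adds no protection until that is fixed.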