App for Android bypassing 2FA
Hello All,
I recently revisited my interest in trying to manage some basic functions for my WHM servers via Android app, and the below one seemed to be decently rated in the Google Play Store. I recalled having read how these apps may not function correctly with 2FA enabled, so I wasn't expecting too much.
However, I was VERY surprised to see that by using this app along with root password alone, I can log in and manage quite a few things on both of my servers, COMPLETELY bypassing the need for 2FA.
I was under the impression that two-factor was enforced for all root logins, so how is this possible?
- Removed -
Thank you, I'm certainly aware that the app I posted was not affiliated with cPanel. I'm wondering how it is possible that this application is bypassing what I thought was a requirement for login, namely 2FA. This seems like a security concern to me.
TFA is not enabled by default; you enable it if you wish to use it. Two-Factor Authentication for WHM - Version 76 Documentation - cPanel Documentation
It is enabled, and has been a requirement for login on this server. What I'm saying is that this application is bypassing my enabled 2FA. How is bypassing 2FA possible?
I can't answer that. I don't use the app or have an Android to test to confirm the issue from here. Please feel free to open a ticket directly to cPanel Technical Support if you suspect an issue with Two-Factor authentication on your server.
I understand. Thank you for the direction. You may want to leave a link to the application with a note, as this app may be a security concern to others, and having this information out there would be useful. I'll explore with support and provide follow up later on.
Please do. Thanks! I think removing the link from your post is best, no need to make it any more available than it might be otherwise.