Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

2 factor not being enforced consistently via http

Discussion in 'Security' started by maestroc, Jul 16, 2018.

  1. maestroc

    maestroc Well-Known Member

    Aug 23, 2012
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Reseller Owner
    I switched on two factor the other day both for SSH and for WHM access. I have noticed that if I do not click the logout button in WHM when I am done (just close the window) then the next time I go to log into WHM it doesn't ask me for the second factor. Even if it is many hours since the last time I logged into WHM it asks me for my password but it doesn't ask for the second factor unless I have logged out previously by clicking the logout button.

    Surely this isn't the way it is supposed to work? Is there some way to force it to ask for 2nd factor every time regardless?
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello @maestroc,

    WHM is detecting the session-cookie stored in your web browser from the prior successful two-factor authentication attempt. Internal case CPANEL-9113 is open to request an improvement to the two-factor authentication functionality so that users are prompted for both the username/password and two-factor authentication anytime a new authentication attempt is performed. I don't have a time frame or a decision to note on this case at this time, but I've added a link to this forums thread to the case and will update this thread with more information as it becomes available. There's no available workaround to implement this functionality at this time.

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice