The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Caching problem when enabling 2FA in WHM; does not remember active status

Discussion in 'Security' started by Leeteq, Mar 6, 2016.

  1. Leeteq

    Leeteq Registered

    Joined:
    Mar 6, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Europe
    cPanel Access Level:
    Root Administrator
    After seemingly successful setup of 2FA in WHM (v.54) both for root (my account) and a cPanel user, I can log both out and back in WITH 2FA to that normal cPanel user account on my VPS, and in and out of WHM with 2FA code. So far so good.

    But subsequently caching issues on the WHM 2FA page creates problems.

    When accessing that WHM 2FA setup page on next login, it reports the 2FA status as "disabled" (red), which is wrong.

    Logging out and back in (again) does not help, BUT: when I have logged out and back into WHM as root another time after experiencing the wrong "disabled message", WHM does NOT ask for the 2FA code..., and 2FA status is still "disabled" on the main 2FA settings page (the first of the 3 tabs).

    When clicking on the second tab of the 2FA settings page, the user tab, that one it does NOT fetch that "tab" from cache, but actually re-queries the database and successfully fetches the cPanel user I have set up with 2FA. At that moment, the red 2FA "disabled" status icon in WHM changes to green, and I receive a message stating that the 2FA settings was changed "in another browser session". (But I am the only user/admin logged into this VPS, not using multiple sessions.)

    Then, on the 3rd tab of the 2FA settings page, "My account", it also states that 2FA is disabled for "My account" (root). Yet I just logged in as root to WHM with 2FA a minute ago (the first subsequent login after enabling 2FA).

    Refreshing the page does not help, nor does logging out and back in (which NOW does NOT ask for 2FA, so now that status is "correct". I suspect that accessing that cached "My account" page may actually update the status from Active to Deactivated for the root account. But that is just a guess.

    I have also tried to enable 2FA, activate it for "My account" (successfully), and immediately reboot the VPS, and log back into WHM again, but to no avail.

    Observation: Every time I try to enable 2FA for "My account" again, it presents me with a new (different) secret key, not the same as the first time that I seemingly set it up "successfully".

    This seems to be a WHM caching problem, not necessarily a 2FA problem.

    I have seen similar caching "issues" on other WHM function pages too (at least in Firefox, which I am using for this (various versions, using the latest update now)), but they always resolve when logging out and back into WHM.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Would you mind opening a support ticket using the link in my signature so we can take a closer look at your system and determine if it's reproducible? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page