multiOTPCredentialProvider icon indicating copy to clipboard operation
multiOTPCredentialProvider copied to clipboard

Published 20 hours ago verified publisher icon multiOTP

RDP and wrong password

Open k0n1g opened this issue 10 months ago • 8 comments

When I try to connect via RDP and enter the wrong user password, the authorization window starts sending a blank password repeatedly until the user is locked out. It's happend when user without 2fa. If user with 2fa, after wrong pass it's send blank pass and open one-time pass

k0n1g avatar Jan 20 '25 03:01 k0n1g

Hello, thanks for your feedback. Can you please send us a video ? And tell us what version of credential provider you are using and which version of Windows you are remotely connecting to ? Best regards

multiOTP avatar Jan 23 '25 13:01 multiOTP

without 2fa https://github.com/user-attachments/assets/d1052528-ee9c-4e09-9600-bb79dd9eb2ea

with 2fa https://github.com/user-attachments/assets/096fa8c0-ce6d-4f89-802e-91cfcceea0ab

CP version 5.9.8.0, Windows Server 2016 and WIndows 10

k0n1g avatar Jan 24 '25 04:01 k0n1g

Hello, I'm not able to reproduce the error. Can you please give us the content of the registry (without the shared secret) where multiOTP credential provider is installed : HKEY_CLASSES_ROOT\CLSID{FCEFDFAB-B0A1-4C4D-8B2B-4FF4E0A3D978}

Best regards

multiOTP avatar Mar 19 '25 16:03 multiOTP

Image

It's happened when CP installed on PC which form I trying to connect to RDP. Even if on remote PC CP is not installed.

CP version 5.9.9.2 same problem

Maybe it's possible to turn of CP for RDP credential form and leave CP for credential form when not privileged user start runing programs as admin or other user?

k0n1g avatar Mar 20 '25 00:03 k0n1g

Are you running RDP client as administrator ? You registry key cpus_credui is set to 0e it means that OTP is asked when you run something that needs elevated rights. Try to set this registry key cpus_credui to the value 3d is it still asking you for OTP ?

Best regards

multiOTP avatar Mar 24 '25 09:03 multiOTP

No, RDP client runs as a normal user. If I set cpus_credui = 3d, OTP is not requested. But I would like to set it to 0e. So that unprivileged users cannot run anything as admin without asking for admin's 2fa. And here we come to the problem with users without 2fa who enter the wrong password in the RDP credentials form

k0n1g avatar Mar 25 '25 00:03 k0n1g

Thanks for the info. We were able to reproduce the bug. We are looking for a solution. We will keep you posted.

Regards

multiOTP avatar Apr 04 '25 10:04 multiOTP

Hello, we found a solution. We plan to release it in the middle of May.

Are you interessted in testing the new dll before release ? If so please send us an email to : [email protected]

Best regards

multiOTP avatar Apr 25 '25 14:04 multiOTP

This has been fixed and released in 5.10.0.1.

multiOTP avatar Oct 29 '25 09:10 multiOTP