mailcow-dockerized

2FA WebAuthn requires password to set/disable, FIDO2 credentialless does not

Open snevas opened this issue 2 years ago • 2 comments

Contribution guidelines

I've found a bug and checked that ...

  • [X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
  • [X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
  • [X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
  • [X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

If you set a 2FA method, you need to supply your current password. If you set a FIDO2 login method, you do not.

Both are similarly dangerous, so both need the same policy.

Logs

nginx-mailcow_1      | x.x.x.x - - [09/May/2022:10:21:41 +0200] "GET /api/v1/get/fido2-registration/username HTTP/1.0" 200 771 "https://hostname/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36"

Steps to reproduce

  1. Set 2FA, you need password
  2. Set FIDO2, you do not need password

System information

| Question | Answer |
| --- | --- |
| My operating system | Debian Bullseye |
| Is Apparmor, SELinux or similar active? | No |
| Virtualization technology (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported) | No |
| Server/VM specifications (Memory, CPU Cores) | 6Gb, 4 cores |
| Docker Version (docker version) | 20.10.14 |
| Docker-Compose Version (docker-compose version) | 2.5.0 |
| Reverse proxy (custom solution) | nginx |

Output of git diff origin/master, any other changes to the code? If so, please post them:

Other certs & no ipv6nat-mailcow (switched with update.sh)

All third-party firewalls and custom iptables rules are unsupported. Please check the Docker docs about how to use Docker with your own ruleset. Nevertheless, iptables output can help us to help you: iptables -L -vn:

No alterations

ip6tables -L -vn:

No alterations

iptables -L -vn -t nat:

No alterations

ip6tables -L -vn -t nat:

No alterations

DNS problems? Please run docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254 (set the IP accordingly, if you changed the internal mailcow network) and post the output:

151.101.193.69
151.101.129.69
151.101.65.69
151.101.1.69

snevas, Jun 08 '22 13:06
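One way to give both enrollment paths from the report the same policy, as an added sketch that is not part of the original issue and not mailcow's code: every action that adds or removes a login credential passes through one shared gate that requires a recent password confirmation. The action names, the 300-second window and the PBKDF2 verifier are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

REAUTH_WINDOW = 300  # seconds a password confirmation stays valid (assumed value)
# Hypothetical action names: everything that adds or removes a login credential.
SENSITIVE_ACTIONS = {"set_tfa", "unset_tfa", "fido2_register", "fido2_unset"}

def hash_password(password, salt):
    # PBKDF2 stands in for whatever password verifier the application already uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Session:
    def __init__(self, username, salt, pw_hash):
        self.username, self.salt, self.pw_hash = username, salt, pw_hash
        self.reauth_at = None  # time of the last successful password confirmation

    def confirm_password(self, password, now):
        ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        if ok:
            self.reauth_at = now
        return ok

def authorize(session, action, now):
    """Single gate shared by all handlers, so no enrollment path can skip it."""
    if action not in SENSITIVE_ACTIONS:
        return True
    return session.reauth_at is not None and 0 <= now - session.reauth_at <= REAUTH_WINDOW

def handle(session, action, password=None, now=None):
    """Dispatcher: check a supplied password, then apply the gate to the action."""
    now = time.time() if now is None else now
    if password is not None and not session.confirm_password(password, now):
        return 403, "wrong password"
    if not authorize(session, action, now):
        return 403, "password confirmation required"
    return 200, action + " ok"

def demo():
    # Constructed account and timestamps, for illustration only.
    salt = os.urandom(16)
    s = Session("user@example.org", salt, hash_password("correct horse", salt))
    return [handle(s, "fido2_register", now=1000),
            handle(s, "fido2_register", password="guess", now=1000),
            handle(s, "fido2_register", password="correct horse", now=1000),
            handle(s, "set_tfa", now=1200),
            handle(s, "unset_tfa", now=1400)]
```

Keeping the list of sensitive actions in one place means a newly added credential type is covered by adding its name to the set rather than by remembering to copy the password check into its handler.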

Still relevant in 2022-06a

snevas, Jul 18 '22 19:07

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

milkmaker, Sep 16 '22 20:09