TeamPass
QR Code generation API for MFA disabled.
Steps to reproduce
- Send email with initial Google Authenticator code to new user.
- New user accesses the application and tries to generate the QR Code with the sent code.
- QR Code is not generated (broken image).
Bug:
From what I investigated, the API used by Teampass for generating QR Codes (https://chart.googleapis.com/chart?) has been deprecated since 2012, and it appears to have been definitively deactivated:
All queries to the API return a 404 error. Support forums:
https://www.googlecloudcommunity.com/gc/AppSheet-Q-A/QR-Code-Generator-not-working/m-p/695918
https://groups.google.com/g/google-visualization-api/c/Pzzya6ed14g?pli=1
Expected behaviour
The QR code should be generated for the Google Authenticator configuration.
Actual behaviour
The QR Code is not generated, and the image appears broken.
Server configuration
Operating system: Debian GNU/Linux 12 (bookworm)
Web server: Server version: Apache/2.4.57 (Debian)
Database: mysql:5.7.43 (docker)
PHP version: PHP 8.2.7 (cli) (built: Jun 9 2023 19:37:27) (NTS)
Teampass version: version 3.0.5
Teampass configuration file:
<?php
global $SETTINGS;
$SETTINGS = array (
'max_latest_items' => '10',
'enable_favourites' => '1',
'show_last_items' => '1',
'enable_pf_feature' => '0',
'log_connections' => '1',
'log_accessed' => '1',
'time_format' => 'H:i:s',
'date_format' => 'd/m/Y',
'duplicate_folder' => '0',
'item_duplicate_in_same_folder' => '0',
'duplicate_item' => '0',
'number_of_used_pw' => '3',
'manager_edit' => '1',
'cpassman_dir' => '/var/www/html/teampass',
'cpassman_url' => 'https://mysistem.com',
'favicon' => 'https://mysistem.com/favicon-ufms.ico',
'path_to_upload_folder' => '/var/www/html/teampass/upload',
'path_to_files_folder' => '/var/www/html/teampass/files',
'url_to_files_folder' => 'https://mysistem.com/files',
'activate_expiration' => '0',
'pw_life_duration' => '0',
'maintenance_mode' => '0',
'enable_sts' => '0',
'encryptClientServer' => '1',
'teampass_version' => '3.0.5',
'ldap_mode' => '1',
'ldap_type' => 'ActiveDirectory',
'ldap_suffix' => '0',
'ldap_domain_dn' => '0',
'ldap_domain_controler' => '0',
'ldap_user_attribute' => 'samaccountname',
'ldap_ssl' => '0',
'ldap_tls' => '0',
'ldap_search_base' => '0',
'ldap_port' => '389',
'richtext' => '0',
'allow_print' => '0',
'roles_allowed_to_print' => '0',
'show_description' => '1',
'anyone_can_modify' => '0',
'anyone_can_modify_bydefault' => '0',
'nb_bad_authentication' => '0',
'utf8_enabled' => '1',
'restricted_to' => '0',
'restricted_to_roles' => '0',
'enable_send_email_on_user_login' => '0',
'enable_user_can_create_folders' => '0',
'insert_manual_entry_item_history' => '0',
'enable_kb' => '0',
'enable_email_notification_on_item_shown' => '0',
'enable_email_notification_on_user_pw_change' => '0',
'custom_logo' => 'https://mysistem.com/logo-azul.svg',
'custom_login_text' => '',
'default_language' => 'english',
'send_stats' => '0',
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;',
'send_stats_time' => '1696692680',
'get_tp_info' => '1',
'send_mail_on_user_login' => '0',
'nb_items_by_query' => 'auto',
'enable_delete_after_consultation' => '0',
'enable_personal_saltkey_cookie' => '0',
'personal_saltkey_cookie_duration' => '31',
'email_smtp_server' => 'mysmtp',
'email_smtp_auth' => '1',
'email_auth_username' => 'user_mysmtp',
'email_auth_pwd' => 'pass_mysmtp',
'email_port' => '587',
'email_security' => 'tls',
'email_server_url' => '',
'email_from' => '[email protected]',
'email_from_name' => 'Teampass',
'pwd_maximum_length' => '40',
'google_authentication' => '1',
'delay_item_edition' => '0',
'allow_import' => '1',
'proxy_ip' => '',
'proxy_port' => '',
'upload_maxfilesize' => '10mb',
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
'upload_imagesext' => 'jpg,jpeg,gif,png',
'upload_pkgext' => '7z,rar,tar,zip,tar.gz',
'upload_otherext' => 'sql,xml,pem,key,pub',
'upload_imageresize_options' => '1',
'upload_imageresize_width' => '800',
'upload_imageresize_height' => '600',
'upload_imageresize_quality' => '90',
'use_md5_password_as_salt' => '0',
'ga_website_name' => 'TeamPass',
'api' => '0',
'subfolder_rights_as_parent' => '0',
'show_only_accessible_folders' => '0',
'enable_suggestion' => '0',
'otv_expiration_period' => '7',
'default_session_expiration_time' => '60',
'duo' => '0',
'enable_server_password_change' => '0',
'ldap_object_class' => '0',
'bck_script_path' => '/var/www/html/teampass/backups',
'bck_script_filename' => 'bck_teampass',
'syslog_enable' => '0',
'syslog_host' => 'localhost',
'syslog_port' => '514',
'manager_move_item' => '0',
'create_item_without_password' => '0',
'otv_is_enabled' => '0',
'agses_authentication_enabled' => '0',
'item_extra_fields' => '0',
'saltkey_ante_2127' => 'none',
'migration_to_2127' => 'done',
'files_with_defuse' => 'done',
'timezone' => 'America/Bahia',
'enable_attachment_encryption' => '1',
'personal_saltkey_security_level' => '50',
'ldap_new_user_is_administrated_by' => '0',
'disable_show_forgot_pwd_link' => '0',
'offline_key_level' => '0',
'enable_http_request_login' => '0',
'ldap_and_local_authentication' => '1',
'secure_display_image' => '1',
'upload_zero_byte_file' => '1',
'upload_all_extensions_file' => '1',
'bck_script_passkey' => 'bkp_passkey',
'admin_2fa_required' => '0',
'password_overview_delay' => '4',
'copy_to_clipboard_small_icons' => '1',
'duo_ikey' => 'admin',
'duo_skey' => '',
'duo_host' => '',
'duo_failmode' => 'secure',
'roles_allowed_to_print_select' => '[1,2,3,4,5,6,7]',
'clipboard_life_duration' => '30',
'mfa_for_roles' => '[]',
'tree_counters' => '0',
'settings_offline_mode' => '0',
'settings_tree_counters' => '0',
'enable_massive_move_delete' => '0',
'email_debug_level' => '3',
'ga_reset_by_user' => '1',
'onthefly-backup-key' => '',
'onthefly-restore-key' => '',
'ldap_user_dn_attribute' => 'distinguishedname',
'ldap_dn_additional_user_dn' => 'OU=TE',
'ldap_user_object_filter' => '(|(memberOf=CN=teampass-infra,OU=MY,DC=my,DC=domain,DC=com))',
'ldap_bdn' => 'OU=MY,DC=my,DC=domain,DC=com',
'ldap_hosts' => '192.168.1.10',
'ldap_password' => 'mypassldap',
'ldap_username' => 'CN=reader,DC=my,DC=domain,DC=com',
'api_token_duration' => '60',
'enable_tasks_manager' => '1',
'task_maximum_run_time' => '300',
'tasks_manager_refreshing_period' => '20',
'maximum_number_of_items_to_treat' => '100',
'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',
'enable_tasks_log' => '0',
'upgrade_timestamp' => '1699284680',
'enable_ad_users_with_ad_groups' => '0',
'enable_ad_user_auto_creation' => '0',
'ldap_group_object_filter' => '',
'ldap_guid_attibute' => 'objectguid',
);
Updated from an older Teampass or fresh install: Fresh installation.
Client configuration
Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36. MS Edge, Firefox, and Chrome are experiencing the issue.
Operating system: Windows 11 Pro
Logs
Web server error log
No significant errors are displayed in the web server log.
[Wed May 15 11:13:17.839618 2024] [php:warn] [pid 2102222] [client 10.212.134.41:51127] PHP Warning: Undefined array key "id" in /var/www/html/teampass/sources/items.logs.php on line 110, referer: https://mysistem.com/index.php?page=items
[Wed May 15 11:13:17.839636 2024] [php:warn] [pid 2102222] [client 10.212.134.41:51127] PHP Warning: Undefined array key "id" in /var/www/html/teampass/sources/items.logs.php on line 113, referer: https://mysistem.com/index.php?page=items
Log from the web-browser developer console (CTRL + SHIFT + i)
Failed to load resource: the server responded with a status of 404 (Not Found)
index.php:1680 Loading settings result:
index.php:1681 Object
index.php:2187 User starts auth
index.php:2671 Get 2FA Methods answer:
index.php:2672 {agses: false, google: true, yubico: false, duo: false}
index.php:2736 Data submitted to identifyUser:
index.php:2737 {GACode: 'EZuh9fJk7yFs', login: 'teste.teste', pw: 'p$RWRghssobci-x-', duree_session: '60', screenHeight: 713.656, …}
index.php:2758 Session existance check:
index.php:2759 {status: true}
index.php:2794 Identification answer:
index.php:2795 SESSION KEY is: Dv9985arACPMGqTpnj3Nfb7MgqCC3GmTvPdZM8Tp3mGXJ78Mxg
index.php:2796 {value: '', user_admin: 0, initial_url: '', pwd_attempts: 1, error: true, …}
index.php:2187 User starts auth
index.php:2671 Get 2FA Methods answer:
index.php:2672 {agses: false, google: true, yubico: false, duo: false}
index.php:2736 Data submitted to identifyUser:
index.php:2737 {GACode: 'EZuh9fJk7yFs', login: 'teste.teste', pw: 'uRKQgJQyfU3_V7Dx', duree_session: '60', screenHeight: 713.656, …}
index.php:2758 Session existance check:
index.php:2759 {status: true}
index.php:2794 Identification answer:
index.php:2795 SESSION KEY is: Dv9985arACPMGqTpnj3Nfb7MgqCC3GmTvPdZM8Tp3mGXJ78Mxg
index.php:2796 {value: '<img src="data:image/png;base64,PGh0bWw+PGJvZHk+PG…jQwNCBOb3QgRm91bmQ8L2gxPjwvYm9keT48L2h0bWw+Cg==">', user_admin: 0, initial_url: '', pwd_attempts: 2, error: false, …}
error: false
initial_url: ""
message: "Flash this QR code with your mobile device, enter the 2Factor Authentication code and click `Enter` button."
mfaStatus: "ga_temporary_code_correct"
pwd_attempts: 2
user_admin: 0
value: "<img src=\"data:image/png;base64,PGh0bWw+PGJvZHk+PGgxPjQwNCBOb3QgRm91bmQ8L2gxPjwvYm9keT48L2h0bWw+Cg==\">"
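Decoding the `value` field from the console log shows what was embedded in place of the QR image. The following is an added example for Node.js, not TeamPass code and not part of the original report: `inspectQrPayload` compares the declared `image/png` type with the decoded bytes, and `buildQrImgTag` is a hypothetical guard that refuses to embed a backend response unless the status is 200 and the body carries a PNG signature.

```javascript
// Added example (not TeamPass code). Sample input: the `value` field from the
// console log in this report.
const PNG_MAGIC = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

// Pull the declared MIME type and decoded bytes out of an <img src="data:..."> tag.
function parseDataUriImg(imgTag) {
  const m = /src=\\?"data:([^;,"]+);base64,([A-Za-z0-9+\/=]+)\\?"/.exec(imgTag);
  if (!m) return null;
  return { declaredType: m[1], bytes: Buffer.from(m[2], "base64") };
}

// Compare the declared type with what the bytes really are.
function inspectQrPayload(imgTag) {
  const parsed = parseDataUriImg(imgTag);
  if (!parsed) return { ok: false, reason: "no base64 data URI found" };
  const { declaredType, bytes } = parsed;
  const isPng = bytes.length >= 8 && bytes.subarray(0, 8).equals(PNG_MAGIC);
  if (isPng) return { ok: true, declaredType, reason: "PNG signature present" };
  const text = bytes.toString("utf8").trim();
  const reason = /^<(!doctype|html)/i.test(text)
    ? "HTML document labelled as " + declaredType
    : "unknown content labelled as " + declaredType;
  return { ok: false, declaredType, reason, preview: text.slice(0, 80) };
}

// Hypothetical server-side guard: only embed a fetched body that is really a PNG.
function buildQrImgTag(status, body) {
  if (status !== 200) throw new Error("QR backend returned HTTP " + status);
  if (body.length < 8 || !body.subarray(0, 8).equals(PNG_MAGIC)) {
    throw new Error("QR backend response is not a PNG");
  }
  return '<img src="data:image/png;base64,' + body.toString("base64") + '">';
}

// The value logged at index.php:2796 in this report.
const LOGGED_VALUE =
  '<img src="data:image/png;base64,PGh0bWw+PGJvZHk+PGgxPjQwNCBOb3QgRm91bmQ8L2gxPjwvYm9keT48L2h0bWw+Cg==">';
console.log(inspectQrPayload(LOGGED_VALUE));
```
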