tdlib
CRITICAL: Login UI Fails to Trigger requestAuthenticationPasswordRecovery - Locked Account +16892920247
Dear TDLib/MTProto Developers,
I am a legitimate user with 2FA enabled and full access to the recovery email, but I am locked out due to a core login logic bug.
The application UI (Official Telegram & Telegram X) is stuck at the initial "Code Sent via Telegram" state and never transitions to the 2FA password screen, thus blocking access to the 'Forgot Password' option (auth.requestPasswordRecovery).
Account Details: Phone Number: +16892920247 Recovery Email: [email protected]
Request: Please investigate why the UI is failing to initiate the 2FA recovery flow for this specific account state. Manual intervention to initiate the password reset is required, as I can confirm ownership via the recovery email.
Thank you for addressing this critical logic flaw.
Ok
On Sun, Oct 26, 2025, 4:47 PM farzadmd25-droid @.***> wrote:
farzadmd25-droid created an issue (tdlib/td#3494) https://github.com/tdlib/td/issues/3494
Dear TDLib/MTProto Developers,
I am a legitimate user with 2FA enabled and full access to the recovery email, but I am locked out due to a core login logic bug.
The application UI (Official Telegram & Telegram X) is stuck at the initial "Code Sent via Telegram" state and never transitions to the 2FA password screen, thus blocking access to the 'Forgot Password' option (auth.requestPasswordRecovery).
Account Details: Phone Number: +16892920247 Recovery Email: @.***
Request: Please investigate why the UI is failing to initiate the 2FA recovery flow for this specific account state. Manual intervention to initiate the password reset is required, as I can confirm ownership via the recovery email.
Thank you for addressing this critical logic flaw.
— Reply to this email directly, view it on GitHub https://github.com/tdlib/td/issues/3494, or unsubscribe https://github.com/notifications/unsubscribe-auth/BLBYQ2NAUJCPIGAQSFC2HUD3ZTNHDAVCNFSM6AAAAACKH76GPOVHI2DSMVQWIX3LMV43ASLTON2WKOZTGU2TIMJTGUZDKNQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>
You must verify phone number first. If you use official Telegram app on a real phone, then you should be able to receive verification code through an SMS message.
@levlam Thank you for responding. I HAVE verified my phone number multiple times. The SMS code arrives successfully, but after entering it, the system NEVER progresses to the 2FA password screen. This is the core bug - the state transition from authorizationStateWaitCode to authorizationStateWaitPassword is broken.
The issue is NOT about receiving the SMS code. The issue is that after entering the correct SMS code, the login flow gets stuck and never asks for my 2FA password, which I have and can provide.
This is blocking humanitarian aid efforts. Please escalate this as a critical state machine bug in the authentication flow.
@levlam
Please note the correct recovery email for account +16892920247 is: [email protected]
Any password reset links or communications MUST be sent to this address ([email protected]), not any other email.
I have full access only to [email protected]. Thank you for your attention to this critical detail.
I am unable to follow the instruction to send the TDLib log to @tdlib_bot.
The core of the problem is that my account +1689292047 is perpetually locked out, preventing me from accessing any Telegram client, including the bot. I cannot log in to send you the log.
This situation confirms the severity of the server-side state transition failure (stuck in authorizationStateWaitCode with no timer/help option).
Could you please provide an alternative method for log collection, such as a direct email address or a special log gathering tool that does not require me to be logged into a Telegram client?
This is a life-critical security matter (Case #113857 with Access Now, for context). Manual intervention is urgently required.
Thank you.
You can send it to my email found in most source code files, for example, https://github.com/tdlib/td/blob/master/td/telegram/AccessRights.h. Don't forget to add link to the issue in the letter, so I can recognize it.
Subject: FINAL CRITICAL CORRECTION: Account Number for Issue #3494 is +16892920247
Dear levlam,
I sincerely apologize for the confusion. Due to the high-stress nature of this lockout, I provided two incorrect numbers in the previous emails.
The correct and final account number for GitHub Issue #3494 is: +16892920247
To summarize the definitive, correct ownership details for this critical, locked account:
- Account Number: +16892920247
- Recovery Email: @.***
- 2FA Password: 137083
- GitHub Issue Link: https://github.com/tdlib/td/issues/3494
Please ignore all previous conflicting account numbers and use only +16892920247 for server-side intervention.
Thank you for your patience and immediate attention to this life-critical matter.
Sincerely, Davood Pahlavan
در تاریخ جمعه ۱۴ نوامبر ۲۰۲۵، ۱۸:۴۱ Aliaksei Levin < @.***> نوشت:
levlam left a comment (tdlib/td#3494) https://github.com/tdlib/td/issues/3494#issuecomment-3533216878
You can send it to my email found in most source code files, for example, https://github.com/tdlib/td/blob/master/td/telegram/AccessRights.h. Don't forget to add link to the issue in the letter, so I can recognize it.
— Reply to this email directly, view it on GitHub https://github.com/tdlib/td/issues/3494#issuecomment-3533216878, or unsubscribe https://github.com/notifications/unsubscribe-auth/BZJUHNTD5NSP4X5POVD6RLL34XWJBAVCNFSM6AAAAACKH76GPOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTKMZTGIYTMOBXHA . You are receiving this because you authored the thread.Message ID: @.***>
Dear Aliaksei,
Following up on your comment ("I see no emails from you"): I tried sending the final, corrected account details (including 2FA password) multiple times to [email protected], as requested.
Unfortunately, Gmail delivery permanently failed after 48 hours with a server timeout error (recipient server did not accept connection requests to tdlib.org).
The account (+16892920247) remains completely locked in authorizationStateWaitCode.
Could you please provide an alternative private email address or a secure Telegram ID where I can send the final 2FA password and ownership details, as your current mail server seems unreachable?
Ok, thanks.
در تاریخ یکشنبه ۱۶ نوامبر ۲۰۲۵، ۱۱:۳۱ Aliaksei Levin < @.***> نوشت:
levlam left a comment (tdlib/td#3494) https://github.com/tdlib/td/issues/3494#issuecomment-3538325147
This is a wrong email address. I have pointed you to the correct one.
— Reply to this email directly, view it on GitHub https://github.com/tdlib/td/issues/3494#issuecomment-3538325147, or unsubscribe https://github.com/notifications/unsubscribe-auth/BZJUHNXLJ7MYOIH62B4K2F335AVOHAVCNFSM6AAAAACKH76GPOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTKMZYGMZDKMJUG4 . You are receiving this because you authored the thread.Message ID: @.***>
Dear @levlam,
Thank you for confirming you received my email at [email protected].
I must critically clarify: The email does not contain a TDLib log.
As I have explained, I am permanently locked out of all clients. It is technically impossible for me to log in to any client to generate a log file.
The email instead contains my 2FA Password (137083) and Recovery Email, which you can use to verify ownership.
Please use this 2FA password for manual, server-side intervention to reset the account state. This is the only possible solution since a log cannot be provided.
I can't do anything with the account. If you use TDLib, then I can check TDLib log to see what exactly happens when you try to log in. Otherwise, there is nothing I can do.
You sent another email, which states that it contains the log, but it has no files attached.
Now you have sent logs from Telegram Desktop, which doesn't use TDLib. This could have been also sufficient, but the sent MTProto log is empty, which makes impossible to check the login process.
Dear @levlam,
I sincerely apologize for the attachment failure. I have confirmed that the previous email containing the log file had no attachments due to a client error.
A new, final email was sent to your address ([email protected]) right now with the subject: "FINAL ATTACHMENT: TDLib Log (Level 4) for Account +16892920247 (Issue #3494)"
This new email contains the correctly attached Log file. Please disregard the attachment-less email and review the new one. Thank you.
As I said the sent logs are from Telegram Desktop, which doesn't use TDLib, and are useless without MTProto logs (the log is empty in the archive you have sent).
I have faced severe filtering in Iran and I have tried many times to send logs and unfortunately none of them have reached you. Is it not possible to send to a Telegram account? Or another way of communication other than email? در تاریخ دوشنبه ۱۷ نوامبر ۲۰۲۵، ۲۰:۰۷ Aliaksei Levin < @.***> نوشت:
levlam left a comment (tdlib/td#3494) https://github.com/tdlib/td/issues/3494#issuecomment-3542832660
As I said the sent logs are from Telegram Desktop, which doesn't use TDLib, and are useless without MTProto logs (the log is empty in the archive you have sent).
— Reply to this email directly, view it on GitHub https://github.com/tdlib/td/issues/3494#issuecomment-3542832660, or unsubscribe https://github.com/notifications/unsubscribe-auth/BZJUHNWQSODB4EMHTUV5SOD35H2WLAVCNFSM6AAAAACKH76GPOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTKNBSHAZTENRWGA . You are receiving this because you commented.Message ID: @.***>
Please let me know if you have received the sent log or not? This account is not an ordinary account and we have made humanitarian activities and helping the oppressed children of Balochistan our main goal. I even asked for help from human rights institutions, but they also had a hard time seeing my messages due to filtering in Iran. I am the only source of hope and hundreds of hungry children only depend on you. I hope you understand my situation.
There are no bugs in the provided log. It is usually not possible to log in in an account without access to the corresponding phone number. In some cases server may allow to add a login email which can be used to log in after initial phone number verification, but the email isn't related to the 2FA password recovery email. The account has no login email set up and therefore you can log in only using another active session, or the phone number. It is not possible to use only the password ("second factor") to log in to the account.
It's impossible, I'm sure that's the recovery email My account was with a real number in my name and I had recently changed it to a virtual number, and if there is no recovery email, the number change operation is not possible at all. Previous number +989152346010 New number +16892920247 Recovery email that has been attached to my account for years [email protected] This is the two-step code I'm sure of and I've used it many times myself 137083 and two-step code guide داتارا
Dear TDLib Developers,
I would like to provide a clear summary of the situation regarding Issue #3494.
My main Telegram account (+16892920247) was suddenly locked out. At the exact same time, several bots connected to my activities were also affected:
-
A well-known moderator bot called "Digi Anti Bot" (not my personal property, but widely used in large communities) was automatically deleted from Telegram. This bot was active in my group and its deletion coincided with my account lockout.
-
One of my own bots, created via BotFather and hosted separately, was also deleted. This bot was independent and not related to my store.
-
Additionally, I had subscribed to a monthly self-bot service (not originally mine) that was installed on my premium account to provide automated responses for business purposes. That bot was also removed at the same time.
The simultaneous lockout of my account and deletion of these bots strongly suggests a systemic issue in Telegram’s authentication/account management flow, rather than a user-side error. This situation has disrupted both humanitarian and business activities, making it critical to investigate.
Thank you for your attention.
As I told you before, every client I use just tells me that the code has been sent to you, and no timer shows me any other options, and the one I sent you as a lock happens the same way, and if I wait for hours and days, nothing happens and it remains at the same stage. The code was sent to your number without showing any options.
Please, if it is not possible for you, connect me to a responsive source from your colleagues so that I can fix my case. This is a very critical account. I have emailed many times through all Telegram support email addresses that have been introduced to the public, even through the support form on the Telegram website and also by sending a report to Telegram's Twitter account, but I have not received a response from any channel except you. I do not care about spending money to restore this account, and I am even willing to pay a fee. Brothers, introduce me to a correct and responsible way to be a partner in this good and humanitarian cause. Thank you for tolerating my harassment for a few days. I remind you that I had changed the number of this account recently and I have access to the SIM card that was the previous account number and it is mine, but this number is virtual and it is not possible to receive SMS, even if there is a way for Telegram to send the code to the previous account number, I can receive it.
در تاریخ سهشنبه ۱۸ نوامبر ۲۰۲۵، ۱۵:۰۰ Aliaksei Levin < @.***> نوشت:
levlam left a comment (tdlib/td#3494) https://github.com/tdlib/td/issues/3494#issuecomment-3547120751
There are no bugs in the provided log. It is usually not possible to log in in an account without access to the corresponding phone number. In some cases server may allow to add a login email which can be used to log in after initial phone number verification, but the email isn't related to the 2FA password recovery email. The account has no login email set up and therefore you can log in only using another active session, or the phone number. It is not possible to use only the password ("second factor") to log in to the account.
— Reply to this email directly, view it on GitHub https://github.com/tdlib/td/issues/3494#issuecomment-3547120751, or unsubscribe https://github.com/notifications/unsubscribe-auth/BZJUHNT4YRR5ZLQ237SUYQD35L7NJAVCNFSM6AAAAACKH76GPOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTKNBXGEZDANZVGE . You are receiving this because you commented.Message ID: @.***>
There is no procedure to restore access to an account without access to the corresponding phone number. I don't know whether someone can help you.