1

Topic: Issue with 2FA activated by mistake

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):  1.4.2
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.

sogo.nu;
Version 5.2.0
====

One of our users enabled by mistake the two-factor authentication using TOTP Authenticator from the webmail , saved that configuration and logout the mailbox. Now the milbox is unable to reenter. Do you know how we can enable the access to the mailbox without eliminate the mailbox?

I checked sogo-tool file , but its contain a lot of rubbish and incomprehensible data .!
can you help me ?

BR

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team.

2

Re: Issue with 2FA activated by mistake

Disable the 2FA with sogo-tool:
https://forum.iredmail.org/post76115.html#p76115

3

Re: Issue with 2FA activated by mistake

ZhangHuangbin wrote:

Disable the 2FA with sogo-tool:
https://forum.iredmail.org/post76115.html#p76115

I checked sogo-tool file , but its contain a lot of rubbish and incomprehensible data as attached  .!

4

Re: Issue with 2FA activated by mistake

There's a sample command in the linked post, you don't need to "check sogo-tool file" at all, and "sogo-tool" is a binary program, not a text file.

5

Re: Issue with 2FA activated by mistake

I cant find any text like "AuthenticatorEnabled" ! or I need to add it as following :
UserWithProblem SOGoGoogleAuthenticatorEnabled {"SOGoGoogleAuthenticatorEnabled":0}'

if yes ;
where I should add the text ?
two-factor authentication using a TOTP application not GoogleAuthenticator ,so I should modify command or same ?!

Thanks for support and effort Dear smile
BR

6

Re: Issue with 2FA activated by mistake

Replace "UserWithProblem" by the email address of the real user which has such problem.

7

Re: Issue with 2FA activated by mistake

ZhangHuangbin wrote:

Replace "UserWithProblem" by the email address of the real user which has such problem.

what about Google and TOTP Authenticator ?!

8

Re: Issue with 2FA activated by mistake

eng.husamit wrote:

what about Google and TOTP Authenticator ?!

I don't understand the question. sad

Google TOTP Authenticator (iOS) app lost my data once after app update, so i abandoned it.

9

Re: Issue with 2FA activated by mistake

I added following commad but still requst me to Enter the 6-digit verification code from your TOTP application.

UserWithProblem SOGoGoogleAuthenticatorEnabled {"SOGoGoogleAuthenticatorEnabled":0}'

10

Re: Issue with 2FA activated by mistake

can you tell me excat postiin to add command ?

11

Re: Issue with 2FA activated by mistake

Replace user@domain.com by the real email address which you have problem with:

sogo-tool user-preferences set defaults \
    user@domain.com \
    SOGoGoogleAuthenticatorEnabled {"SOGoGoogleAuthenticatorEnabled":0}'

12 (edited by eng.husamit 2022-05-12 13:48:17)

Re: Issue with 2FA activated by mistake

ZhangHuangbin wrote:

Replace user@domain.com by the real email address which you have problem with:

sogo-tool user-preferences set defaults \
    user@domain.com \
    SOGoGoogleAuthenticatorEnabled {"SOGoGoogleAuthenticatorEnabled":0}'

Whic one is correct 1 or 2 in the figure  ? I added Both but still need Code  sad

after file modify , any services need restart ?

Thanks for your effort in advance . smile

Post's attachments

Capture3.PNG
Capture3.PNG 9.91 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

13

Re: Issue with 2FA activated by mistake

- Don't leak your real email address in public forum. I deleted your screenshot.
- My sample command misses one single quote, the correct one should be:

sogo-tool user-preferences set defaults \
    user@domain.com \
    SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'

14

Re: Issue with 2FA activated by mistake

ZhangHuangbin wrote:

- Don't leak your real email address in public forum. I deleted your screenshot.
- My sample command misses one single quote, the correct one should be:

sogo-tool user-preferences set defaults \
    user@domain.com \
    SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'


Thanks for your reply , I added by mistake . I modify text as you mentioned but same sad
have any services need to restart >

Thanks you in advance

BR

Post's attachments

v12.PNG
v12.PNG 8.77 kb, 1 downloads since 2022-05-18 

You don't have the permssions to download the attachments of this post.

15

Re: Issue with 2FA activated by mistake

Some platforms enable users to generate tokens in advance, sometimes providing a document with a certain number of codes that can be used in the future to bypass 2FA should the service fail. If an attacker obtains the user password and gains access to that document, they can bypass 2FA.

16

Re: Issue with 2FA activated by mistake

eng.husamit wrote:

have any services need to restart >

No.
But SOGo uses memcached as cache, if you don't mind waiting for some time, then just retry if it failed. Otherwise restart memcached before retry.