Solved Significant issue with 2fa
-
I have just noticed an issue where my 2fa codes stored within bitwarden (hosted from within cloudron) are not returning the same codes nor are they on the same timeframe as the ones I have on my phone. The codes in bitwarden are no longer working, they were working atleast a week ago - maybe sooner.
What have done
- I have deleted the entry on my phone an in the entry in bitwarden
- I enter the code presented to me after resetting my password (I had to since 2fa isnt working for my cloudrons bitwarden) into bitwarden, then take a picture using tofu.
- Compare the numbers, they are grossly inaccurate. Only the numbers on my phones app will work.
Either Bitwardens not working as intended, or the code provided is faulty.
Im personally leaning towards a packaging issue as this is affecting multiple sites where the code from my phone allows me to log in just fine where as the code from bitwarden doesnt -
@privsec is the time of your server maybe out of sync?
-
I keep getting this error message
But with differing date and times.
I have a VPN, I have tried off and on, I have created a new firefox profile as well to see if my pref.js file may have goofed up my settings.
The app last updated 3 days ago, I reverted to that backup, and it still is doing this. -
@fbartels That is certainly a possibility.
I havent considered that. Im double checking that route now.
-
@fbartels Well, nuts.
It looks like it is the server thats out of date.
Server is in Germany.Its 20 UTC according to that CLI, but according to
https://time.is/Germany at 4:16 ET it is 10:16 PM Germany time
-
@privsec So I disabled system Ctl and installed ntp, but it still showing wrong, any pointers?
-
https://en.wikipedia.org/wiki/Time-based_One-Time_Password
Its in the name
But to be honest more services should fail because of time drifts between client and servers. That they dont fail just means that the applications are creating sessions with too long lifetimes.
-
-
@fbartels So I may be lied to about the whereabouts of my server hosting, and ill have to discuss that, as I just ran through this https://www.edmundofuentes.com/blog/2018/11/19/enable-ntp-ubuntu-18-04/
ntpd: time slew +0.010236 sSo my server does not actually seem to be the cause of the problem here
-
@privsec This would mean that the UTC time is correct on the server.
-
I guess, what do I do now?
-
I have submitted a help desk ticket, I am at a loss here. I dont know whats wrong with this.
-
@privsec could it be that systemd nowadays slowly adjusts the leak to prevent time jumps?
So is the
drivetime drift reducing? -
@fbartels Is the drive reducing?
-
@privsec It is currently at
Sat Apr 3 21:01:32 UTC 2021 -
@privsec having the server in UTC is correct. For things like backups and update schedules, you can set the timezone via the dashboard, but this would not affect the server's time setting as reported by timedatectl From you thread so far, I lost track if you have an issue with the time being off by that much or not? TOTP mostly has some 1minute timeframe, so the time drift would be quite big.
Besides that, the root cause could also be that the bitwarden app as such is running on the wrong timezone? You could try to get the time the app sees when using the webterminal into the app from the Cloudron dashboard.
-
You can disable 2FA for a user using the instructions here - https://docs.cloudron.io/user-management/#disable-2fa .
-
@nebulon
At 1:58pm EST, the Bitwarden app sees the date as
Which according to http://www.timebie.com/timezone/universalgermany.php
Is almost 8pm In Germany, and according to
https://time.is/Germany
This is accurate
I use 2fa within bitwarden for apps and services such as github and social media and streaming services.
I need the 2fa functionality to work.
-
Well..I don't know what occurred...
Now its working. I just tried removing and re adding a 2fa code again and now it is working. I really am speechless about this.
-
@privsec That is what I personally call computer vodoo
