Cloudron Forum


Significant issue with 2fa

    privsec
    wrote on last edited by girish
    #1

    I have just noticed an issue where my 2fa codes stored within bitwarden (hosted from within cloudron) are not returning the same codes nor are they on the same timeframe as the ones I have on my phone. The codes in bitwarden are no longer working, they were working at least a week ago - maybe sooner.

    What I have done

    1. I have deleted the entry on my phone and the entry in bitwarden
    2. I enter the code presented to me after resetting my password (I had to since 2fa isn't working for my cloudron's bitwarden) into bitwarden, then take a picture using tofu.
    3. Compare the numbers, they are grossly inaccurate. Only the numbers on my phone's app will work.

    Either Bitwarden's not working as intended, or the code provided is faulty.
    I'm personally leaning towards a packaging issue as this is affecting multiple sites where the code from my phone allows me to log in just fine whereas the code from bitwarden doesn't.

    fbartels App Dev
    replied to privsec on last edited by
    #2

    @privsec is the time of your server maybe out of sync?

    privsec
    replied to privsec on last edited by
    #3

    I keep getting this error message Untitled.png
    But with differing date and times.
    I have a VPN, I have tried off and on, I have created a new firefox profile as well to see if my pref.js file may have goofed up my settings.
    The app last updated 3 days ago, I reverted to that backup, and it still is doing this.

    privsec
    replied to fbartels on last edited by
    #4

    @fbartels That is certainly a possibility.

    I haven't considered that. I'm double checking that route now.

    privsec
    replied to fbartels on last edited by
    #5

    @fbartels Well, nuts.

    It looks like it is the server that's out of date.

    Untitled.png
    Server is in Germany.

    It's 20 UTC according to that CLI, but according to

    https://time.is/Germany at 4:16 ET it is 10:16 PM Germany time

    privsec
    replied to privsec on last edited by
    #6

    @privsec So I disabled system Ctl and installed ntp, but it is still showing wrong, any pointers?

    fbartels App Dev
    replied to privsec on last edited by
    #7

    https://en.wikipedia.org/wiki/Time-based_One-Time_Password

    It's in the name 😄

    But to be honest more services should fail because of time drifts between client and servers. That they don't fail just means that the applications are creating sessions with too long lifetimes.

    fbartels App Dev
    replied to privsec on last edited by
    #8

    @privsec does https://linuxconfig.org/how-to-sync-time-on-ubuntu-20-04-focal-fossa-linux help?

    privsec
    replied to fbartels on last edited by
    #9

    @fbartels So I may be lied to about the whereabouts of my server hosting, and I'll have to discuss that, as I just ran through this https://www.edmundofuentes.com/blog/2018/11/19/enable-ntp-ubuntu-18-04/

     ntpd: time slew +0.010236 s
    
    

    So my server does not actually seem to be the cause of the problem here

    privsec
    replied to privsec on last edited by
    #10

    @privsec This would mean that the UTC time is correct on the server.

    privsec
    replied to privsec on last edited by
    #11

    I guess, what do I do now?

    privsec
    replied to privsec on last edited by
    #12

    I have submitted a help desk ticket, I am at a loss here. I don't know what's wrong with this.

    fbartels App Dev
    replied to privsec on last edited by fbartels
    #13

    @privsec could it be that systemd nowadays slowly adjusts the leak to prevent time jumps?

    So is the drive time drift reducing?

    privsec
    replied to fbartels on last edited by
    #14

    @fbartels Is the drive reducing?

    privsec
    replied to privsec on last edited by
    #15

    @privsec It is currently at

    Sat Apr  3 21:01:32 UTC 2021

    nebulon Staff
    replied to privsec on last edited by
    #16

    @privsec having the server in UTC is correct. For things like backups and update schedules, you can set the timezone via the dashboard, but this would not affect the server's time setting as reported by timedatectl. From your thread so far, I lost track if you have an issue with the time being off by that much or not? TOTP mostly has some 1 minute timeframe, so the time drift would be quite big.

    Besides that, the root cause could also be that the bitwarden app as such is running on the wrong timezone? You could try to get the time the app sees when using the webterminal into the app from the Cloudron dashboard.

    girish Staff
    wrote on last edited by
    #17

    You can disable 2FA for a user using the instructions here - https://docs.cloudron.io/user-management/#disable-2fa .

    privsec
    replied to nebulon on last edited by
    #18

    @nebulon
    At 1:58pm EST, the Bitwarden app sees the date as 003f980e-a62f-483d-87b1-398c4d2dc599-image.png
    Which according to http://www.timebie.com/timezone/universalgermany.php
    Is almost 8pm In Germany, and according to
    https://time.is/Germany
    This is accurate
    73cb3ffd-6fac-4fa5-9dda-70b4b5bb8543-image.png

    I use 2fa within bitwarden for apps and services such as github and social media and streaming services.

    I need the 2fa functionality to work.

    privsec
    replied to girish on last edited by
    #19

    @girish and @nebulon

    Well..I don't know what occurred...

    Now it's working. I just tried removing and re-adding a 2fa code again and now it is working. I really am speechless about this.

    luckow translator
    replied to privsec on last edited by
    #20

    @privsec That is what I personally call computer voodoo 🙂

    Pronouns: he/him | Primary language: German
