2FA policy not enforced after removing a user's 2FA through the admin interface #1489

Closed
opened 2026-04-06 01:57:25 +02:00 by MrUnknownDE · 0 comments
Owner

Originally created by @FreeMinded on 8/26/2023

Subject of the issue

The Admin Panel allows removing 2FA configurations from a user (which is great). Unfortunately, the user is neither removed from the organization nor asked to set up 2FA again at the next login if he is part of an organization with a 2FA policy. The user still has full access to this organization. So it's a way to circumvent the 2FA policy, presenting a security flaw.

See Forum Discussion: https://vaultwarden.discourse.group/t/2fa-policy-not-enforced-after-removing-a-users-2fa-settings/2875

Deployment environment

Vaultwarden Version 2023.5.0

Steps to reproduce

  1. Invite a user to an organization with a 2FA policy and complete the process to give the user access (the user will be forced to configure 2FA)
  2. Remove the user's 2FA from the /admin interface
  3. Log in as the user (no 2FA will be required anymore)
  4. The user still has access to the organization with the 2FA policy

Expected behaviour

With the removal of the 2FA settings for a user in the /admin interface, the user should be removed from any organization with a 2FA policy.

This would be consistent with the current behavior. When a user removes his 2FA settings himself, he gets removed from all organizations with a 2FA policy.

Actual behaviour

The user still has access to the organization with the 2FA policy despite not having 2FA configured.

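The report above boils down to a policy check that runs on one code path (the user clearing their own 2FA) but not on another (an admin clearing it). The Rust model below is an added example, not Vaultwarden's code: the types (`Directory`, `Org`, `User`, `MembershipStatus`), the function names and the `alice@example.com` / `acme` / `hobby` fixture are all hypothetical. It puts the enforcement in one function and shows the reported gap beside the expected behaviour, where both removal paths call that same function.

```rust
// Added example modelling the 2FA-policy enforcement gap from the report.
// All names here are hypothetical; none are Vaultwarden's own types or routes.
use std::collections::HashMap;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum MembershipStatus {
    Confirmed,
    Revoked,
}

#[derive(Debug)]
pub struct Org {
    /// The organization's "two-step login required" policy.
    pub requires_2fa: bool,
}

#[derive(Debug)]
pub struct User {
    pub has_2fa: bool,
    /// org name -> membership status
    pub memberships: HashMap<String, MembershipStatus>,
}

pub struct Directory {
    pub orgs: HashMap<String, Org>,
    pub users: HashMap<String, User>,
}

impl Directory {
    /// The single place the policy is enforced: a user without 2FA must not
    /// hold a confirmed membership in any org whose policy requires it.
    /// Returns the orgs whose membership was revoked.
    pub fn enforce_2fa_policy(&mut self, email: &str) -> Vec<String> {
        let mut revoked = Vec::new();
        let user = match self.users.get_mut(email) {
            Some(u) => u,
            None => return revoked,
        };
        if user.has_2fa {
            return revoked;
        }
        for (org_name, status) in user.memberships.iter_mut() {
            let policy_on = self.orgs.get(org_name).map_or(false, |o| o.requires_2fa);
            if policy_on && *status == MembershipStatus::Confirmed {
                *status = MembershipStatus::Revoked;
                revoked.push(org_name.clone());
            }
        }
        revoked.sort();
        revoked
    }

    /// User-initiated removal: the path the report says already enforces policy.
    pub fn user_removes_own_2fa(&mut self, email: &str) -> Vec<String> {
        if let Some(u) = self.users.get_mut(email) {
            u.has_2fa = false;
        }
        self.enforce_2fa_policy(email)
    }

    /// Admin removal as reported: the 2FA config is cleared but policy is never
    /// re-evaluated, so the confirmed membership survives.
    pub fn admin_removes_2fa_unenforced(&mut self, email: &str) {
        if let Some(u) = self.users.get_mut(email) {
            u.has_2fa = false;
        }
    }

    /// Admin removal with the expected behaviour: the same precondition changed,
    /// so the same enforcement runs.
    pub fn admin_removes_2fa_enforced(&mut self, email: &str) -> Vec<String> {
        if let Some(u) = self.users.get_mut(email) {
            u.has_2fa = false;
        }
        self.enforce_2fa_policy(email)
    }

    /// What an org vault access check sees for this user.
    pub fn can_access_org(&self, email: &str, org: &str) -> bool {
        self.users
            .get(email)
            .and_then(|u| u.memberships.get(org))
            .map_or(false, |s| *s == MembershipStatus::Confirmed)
    }
}

/// Constructed fixture: one user with 2FA, confirmed in two orgs, of which
/// only "acme" has the 2FA policy enabled.
pub fn fixture() -> Directory {
    let mut orgs = HashMap::new();
    orgs.insert("acme".to_string(), Org { requires_2fa: true });
    orgs.insert("hobby".to_string(), Org { requires_2fa: false });
    let mut memberships = HashMap::new();
    memberships.insert("acme".to_string(), MembershipStatus::Confirmed);
    memberships.insert("hobby".to_string(), MembershipStatus::Confirmed);
    let mut users = HashMap::new();
    users.insert("alice@example.com".to_string(), User { has_2fa: true, memberships });
    Directory { orgs, users }
}

fn main() {
    let mut d = fixture();
    d.admin_removes_2fa_unenforced("alice@example.com");
    println!("unenforced admin path, acme access: {}", d.can_access_org("alice@example.com", "acme"));

    let mut d = fixture();
    let revoked = d.admin_removes_2fa_enforced("alice@example.com");
    println!("enforced admin path revoked {:?}, acme access: {}", revoked, d.can_access_org("alice@example.com", "acme"));
}
```

The design point is that the check keyed on "does this user still satisfy the org's 2FA policy" belongs next to the state change, not in the UI handler that happened to be written first; any new path that clears a second factor (admin action, account recovery, a future API) then gets the revocation for free.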
MrUnknownDE added the bug, enhancement labels 2026-04-06 01:58:50 +02:00

Reference: github/vaultwarden#1489