Under review

Control - Force Password Change triggers 2FA

arobinson 4 weeks ago 0

User logs in with temporary password and is prompted to change password

User changes password and clicks button to submit changed password

User is taken back to login screen to log in again (with new password) AND AT THE SAME TIME a 2FA email is generated and sent to user (BEFORE THEY EVEN LOG IN THE SECOND TIME)

If user then attempts to log in right away, they may or may not get another 2FA email and it’s unclear which code will work (or if both will work)

If user waits a few minutes (I waited about 7 minutes), another 2FA email is definitely generated and the code in the first email (highlighted in red above) will NOT WORK.

ConnectWise Control Version:
20.9
Server Affected:
Host Client Affected:
Guest Client Affected: