Hi all,
I've noticed that I can actively bypass the enabled 2FA Authentication of my "My VMware" Account.
When I login on "communities.vmware.com" first, I don't get asked to provide the 2FA code. Then accessing "my.vmware.com" gets me right in my "My VMware" account, which usually asks for 2FA codes when accessed directly. I think this is an issue.
Best regards,
Bjoern
Something for @ericnipro to look into perchance?
--
Wil
Hi,
I will let IT know this, suspect it's just they haven't gotten around to enabling TFA on all the consumers of the myvmare authentication API set we consume on the community platform.
Do you know if this is still working that way?
Thanks
Eric
I have discovered the same issue that is persisting when first logging in on customerconnect.vmware.com and bypassing all 2fa prompts.
Hi,
sorry for not getting back. Complete lost focus on this topic 😉
Yes it is still working that way. Logged in on community forums without 2FA and can access https://customerconnect.vmware.com/dashboard which should require 2FA.
Thanks
Bjoern
I think it’s a little more than just the customer connect. On one certain page on customerconnect it asks for your username and password in the page itself and doesn’t ask for 2FA. Once you are logged in on this page ANY VMware site that requires authentication can then be accessed, including the accounts management page and products management page. Personally I would like to see this issue fixed relatively quickly as it completely bypasses 2FA on any the account
Hi,
It doesn't look like anyone from VMware is picking up on this.
I don't work for VMware.. so can't help either, however I can suggest what to do.
Please forward the issue to security@vmware.com and I think you will find the people down there more responsive and hopefully they know who to contact within VMware to get this addressed.
--
Wil
just sent it off now and hopefully it gets fixed ASAP