Something for @ericnipro to look into perchance?

--
Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva

Hi,

I will let IT know this,  suspect it's just they haven't gotten around to enabling TFA on all the consumers of the myvmare authentication API set we consume on the community platform.

Do you know if this is still working that way?

Thanks

Eric

I have discovered the same issue that is persisting when first logging in on customerconnect.vmware.com and bypassing all 2fa prompts. 

Hi,

sorry for not getting back. Complete lost focus on this topic

Yes it is still working that way. Logged in on community forums without 2FA and can access https://customerconnect.vmware.com/dashboard which should require 2FA.

Thanks

Bjoern

I think it’s a little more than just the customer connect. On one certain page on customerconnect it asks for your username and password in the page itself and doesn’t ask for 2FA. Once you are logged in on this page ANY VMware site that requires authentication can then be accessed, including the accounts management page and products management page. Personally I would like to see this issue fixed relatively quickly as it completely bypasses 2FA on any the account

Hi,

It doesn't look like anyone from VMware is picking up on this.
I don't work for VMware.. so can't help either, however I can suggest what to do.

Please forward the issue to security@vmware.com and I think you will find the people down there more responsive and hopefully they know who to contact within VMware to get this addressed.

--
Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva

just sent it off now and hopefully it gets fixed ASAP