Webmin: 2FA Google Authenticator not working for new Users/Setups with Version 1.960

Created on 29 Oct 2020  路  7Comments  路  Source: webmin/webmin

When a User registers with a new 2FA Verification for the "Google Authenticator" TOTP, the 2FA Codes doesn't work.
The Login fails and it displays the Error Message on Screen "Login failed. Please try again."

2FA Authentifications registered before this Version still work.

miniserv.error:
~
[29/Oct/2020:11:17:49 +0100] [85.3.50.70] Bad Request
Use of uninitialized value in pattern match (m//) at /usr/share/webmin/acl/index.cgi line 283.
Use of uninitialized value $miniserv{"anonymous"} in split at ./acl-lib.pl line 2165.
Use of uninitialized value $miniserv{"anonymous"} in split at ./acl-lib.pl line 2165.
[29/Oct/2020:11:18:04 +0100] Reloading configuration
Use of uninitialized value in pattern match (m//) at /usr/share/webmin/acl/index.cgi line 283.
[29/Oct/2020:11:18:35 +0100] [85.3.50.70] Bad Request
[29/Oct/2020:11:18:35 +0100] [85.3.50.70] Bad Request
[29/Oct/2020:11:18:35 +0100] [85.3.50.70] Bad Request
[29/Oct/2020:11:18:36 +0100] [85.3.50.70] Bad Request
Use of uninitialized value in pattern match (m//) at /usr/share/webmin/acl/index.cgi line 283.
[29/Oct/2020:11:19:51 +0100] Reloading configuration
Use of uninitialized value in pattern match (m//) at /usr/share/webmin/acl/index.cgi line 283.
Use of uninitialized value $acl::in{"user"} in concatenation (.) or string at /usr/share/webmin/acl/twofactor_form.cgi line 50.
Use of uninitialized value $secret in pattern match (m//) at /usr/share/webmin/webmin/webmin-lib.pl line 2621.
Use of uninitialized value in pattern match (m//) at /usr/share/webmin/acl/index.cgi line 283.
[29/Oct/2020:11:20:15 +0100] Reloading configuration
Use of uninitialized value in pattern match (m//) at /usr/share/webmin/acl/index.cgi line 283.
Use of uninitialized value $acl::in{"user"} in concatenation (.) or string at /usr/share/webmin/acl/twofactor_form.cgi line 50.
Use of uninitialized value $secret in pattern match (m//) at /usr/share/webmin/webmin/webmin-lib.pl line 2621.
[29/Oct/2020:11:20:21 +0100] Reloading configuration
Use of uninitialized value in pattern match (m//) at /usr/share/webmin/acl/index.cgi line 283.
~

Host: vServer (4 Core, 16GB RAM)
OS: Ubuntu 20.04.1
Webserver: tested Caddy 2.2.0 and Apache 2.4.46 ( Proxy SSL to Miniserv)

Most helpful comment

Okay, I found a bug which shows itself with passwords containing + and % and other chars that must be escaped. It will be fixed in the next Webmin 1.961 release.

You can fix it by manually applying this patch https://github.com/webmin/webmin/commit/ec6e681818d7dd8ed476078eef03541fc7cff109.

All 7 comments

Hi,

This issue must be fixed by a simple Webmin restart.

~
/etc/webmin/restart
~

Hi iliarostovtsev
Thanks for the reply. I've restarted the Webmin Service, but still cant login with 2 FA:

[29/Oct/2020:11:59:40 +0100] miniserv.pl started
[29/Oct/2020:11:59:40 +0100] IPv6 support cannot be enabled without the Socket6 perl module
[29/Oct/2020:11:59:40 +0100] Using MD5 module Digest::MD5
[29/Oct/2020:11:59:40 +0100] Using SHA512 module Crypt::SHA
[29/Oct/2020:11:59:40 +0100] PAM authentication enabled
[29/Oct/2020:11:59:55 +0100] [85.3.50.70] Bad Request
Use of uninitialized value in pattern match (m//) at /usr/share/webmin/acl/index.cgi line 283.
Use of uninitialized value $secret in pattern match (m//) at /usr/share/webmin/webmin/webmin-lib.pl line 2621.
[29/Oct/2020:12:00:09 +0100] Reloading configuration
Use of uninitialized value in pattern match (m//) at /usr/share/webmin/acl/index.cgi line 283.
[29/Oct/2020:12:00:48 +0100] miniserv.pl started
[29/Oct/2020:12:00:48 +0100] IPv6 support cannot be enabled without the Socket6 perl module
[29/Oct/2020:12:00:48 +0100] Using MD5 module Digest::MD5
[29/Oct/2020:12:00:48 +0100] Using SHA512 module Crypt::SHA
[29/Oct/2020:12:00:48 +0100] PAM authentication enabled

After fixing Socket6 Perl Module
[29/Oct/2020:12:11:24 +0100] miniserv.pl started
[29/Oct/2020:12:11:24 +0100] IPv6 support enabled
[29/Oct/2020:12:11:24 +0100] Using MD5 module Digest::MD5
[29/Oct/2020:12:11:24 +0100] Using SHA512 module Crypt::SHA
[29/Oct/2020:12:11:24 +0100] PAM authentication enabled
Use of uninitialized value $secret in pattern match (m//) at /usr/share/webmin/webmin/webmin-lib.pl line 2621.
[29/Oct/2020:12:11:43 +0100] Reloading configuration
Use of uninitialized value in pattern match (m//) at /usr/share/webmin/acl/index.cgi line 283.

I've restarted the Webmin Service, but still cant login with 2 FA:

What was the exact command that you used to restart Webmin?

Darn it. It see the problem with user passwords containing special characters, as they seem not to be encoded correctly. For instance passwords with % and +.

I've used the Command you stated:
/etc/webmin/restart

And also tried with:
service webmin restart

With both Restart Options I still get the Error:
[29/Oct/2020:12:58:27 +0100] miniserv.pl started
[29/Oct/2020:12:58:27 +0100] IPv6 support enabled
[29/Oct/2020:12:58:27 +0100] Using MD5 module Digest::MD5
[29/Oct/2020:12:58:27 +0100] Using SHA512 module Crypt::SHA
[29/Oct/2020:12:58:27 +0100] PAM authentication enabled
Use of uninitialized value $secret in pattern match (m//) at /usr/share/webmin/webmin/webmin-lib.pl line 2621.
[29/Oct/2020:12:59:20 +0100] Reloading configuration
Use of uninitialized value in pattern match (m//) at /usr/share/webmin/acl/index.cgi line 283.
[29/Oct/2020:12:59:56 +0100] Reloading configuration
Use of uninitialized value in pattern match (m//) at /usr/share/webmin/acl/index.cgi line 283.

Edit:
Yea your right, I use a strong Passwort Auth with more than 16 Chars and special characters with !+%&

Okay, I found a bug which shows itself with passwords containing + and % and other chars that must be escaped. It will be fixed in the next Webmin 1.961 release.

You can fix it by manually applying this patch https://github.com/webmin/webmin/commit/ec6e681818d7dd8ed476078eef03541fc7cff109.

I've applied the patch on my System.
Now 2FA works again. Thanks for the Fix iliarostovtsev 馃榾馃憤

Was this page helpful?
0 / 5 - 0 ratings