This repository has been archived by the owner on Mar 15, 2024. It is now read-only.

Inactive 2FA Report - Incorrectly reporting "GOOD NEWS No websites were found in your vault with a missing two-factor authentication configuration." #839

Closed
sambartle opened this issue Feb 20, 2021 · 3 comments · Fixed by #840 or bitwarden/server#1156

sambartle commented Feb 20, 2021

Describe the Bug

When logging into the Web Vault and running the "Inactive 2FA Report" from the UI, the report always returns "GOOD NEWS
No websites were found in your vault with a missing two-factor authentication configuration."

Steps To Reproduce

  1. Log in to Web Vault
  2. Navigate to Tools Tab
  3. Click Inactive 2FA Report

Expected Result

The report should identify any sites with 2FA which do not have Tokens set up in Bitwarden.

In my personal case I have a significant number, including at least the following, which are configured in my Google Authenticator application on my phone: (7 different Google or GSuite logins, Amazon, 2 AWS, 5 Microsoft logins, PayPal, 3 OVH logins, Cloudflare, Epic Games, Evernote, Facebook, Humble Bundle, IFTTT, Instagram, Oculus, Ubisoft, KnowBe4, Ultimaker.)

Actual Result

Report always returns:
GOOD NEWS
No websites were found in your vault with a missing two-factor authentication configuration.

Screenshots or Videos

Report Results

Example of Unconfigured TOTP for a common site with 2FA the report should be listing

Environment

  • Operating system: Windows 10 Pro Build 20H2
  • Browser: Chrome 88.0.4324.182 (x64)
  • Build Version (Bottom of the page): 2.18.1

Additional Context

Raised from https://community.bitwarden.com/t/inactive-2fa-report-no-websites-were-found/18088/3

@bastervrugt

Same here.

The api request fails:
Access to fetch at 'https://twofactorauth.org/api/v1/data.json' from origin 'https://vault.bitwarden.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

sambartle commented Feb 21, 2021

> Same here.
>
> The api request fails:
> Access to fetch at 'https://twofactorauth.org/api/v1/data.json' from origin 'https://vault.bitwarden.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Interesting..
It would seem that the domain this is pointing to (which was linked to a GitHub project, https://github.com/2factorauth/twofactorauth, to create a list of 2FA sites) has actually been bought by someone else as it expired..

Bitwarden could locally replicate the list (since it's on GitHub here https://github.com/2factorauth/twofactorauth/tree/master/_data and available for use)
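
The thread shows the report printing "GOOD NEWS" while the directory fetch was failing. As an added example (not Bitwarden's code and not part of any comment here), this sketch keeps "directory unavailable" separate from "no findings" and shape-checks the third-party data before trusting it. All function names, the `{domain, tfa}` directory shape and the sample vault entries are assumptions constructed for illustration.

```javascript
// Constructed sample data; the directory shape ({domain, tfa}) is an assumption,
// not the real twofactorauth.org format.
const SAMPLE_DIRECTORY = [
  { domain: "example.com", tfa: true },
  { domain: "example.org", tfa: false },
];
const SAMPLE_VAULT = [
  { name: "Example", uri: "https://login.example.com/", totp: null },
  { name: "Example (TOTP set)", uri: "https://example.com/", totp: "constructed-secret" },
  { name: "No 2FA offered", uri: "https://example.org/", totp: null },
];

// fetch() rejects on a CORS or network failure; record that as a failed load
// instead of letting it look like "directory loaded, zero entries".
async function loadDirectory(url, fetchImpl = fetch) {
  try {
    const res = await fetchImpl(url);
    if (!res.ok) return { ok: false, reason: `HTTP ${res.status}` };
    return { ok: true, data: await res.json() };
  } catch (err) {
    return { ok: false, reason: String(err) };
  }
}

// Hostname of a vault URI, or null when it does not parse.
function hostOf(uri) {
  try { return new URL(uri).hostname.toLowerCase(); } catch { return null; }
}

// Build the report. "clean" is only reachable with a loaded, well-formed,
// non-empty directory; every other case is "unavailable".
function buildReport(outcome, vaultItems) {
  if (!outcome.ok) return { status: "unavailable", reason: outcome.reason, findings: [] };
  const d = outcome.data;
  const wellFormed = Array.isArray(d) && d.length > 0 &&
    d.every((e) => e && typeof e.domain === "string" && typeof e.tfa === "boolean");
  if (!wellFormed) return { status: "unavailable", reason: "malformed directory", findings: [] };
  const tfaDomains = d.filter((e) => e.tfa).map((e) => e.domain.toLowerCase());
  const findings = vaultItems.filter((item) => {
    const host = hostOf(item.uri);
    if (!host || item.totp) return false;
    return tfaDomains.some((dom) => host === dom || host.endsWith("." + dom));
  }).map((item) => item.name);
  return { status: findings.length ? "findings" : "clean", findings };
}
```

A UI built on this would show the "good news" message only for `status === "clean"` and an error banner for `"unavailable"`.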

cscharf commented Feb 23, 2021

@sambartle, thanks for the report, all fixed (live), thanks to @phallobst for the contributed fix (beat us to the punch).
