• Resolved pswebservices

    (@pswebservices)


    For a couple of days now, we have encountered the following problem with the 2FA.
    1. We open the wp-admin or wp-login page
    2. We enter username and pw
    3. Page is being forwarded to the 2FA or one-time pw page
    4. Here instead of waiting for the one time code to be entered, the page immediately jumps back to the login page and says “Error: The one-time password (TFA code) you entered was incorrect.”
    5. We can kind of trick the system by pressing ESC before it redirects back to the login page
    6. Then we can normally login

    But every time we want to log in, we have to face this problem.

  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @pswebservices

    It seems that after the 2FA OTP input is shown, the form is somehow auto-submitted. Pressing ESC stops the execution of the page (it might be the JS doing that) and you can input the 2FA code.

    Does Browser > Dev Tools > Console show any error if you press ESC?

    Do you have any other login-related plugin installed or updated, or any other plugin or functionality that is supposed to auto-submit the form, in the last couple of days? If yes, try disabling that plugin and cross-check.

    Regards

    I also get:

    Error: The one-time password (TFA code) you entered was incorrect.

    after inputting only the user/pass

    In dev tools I see 403 forbidden for:

    https://<host>/_jb_static/??/wp-includes/js/jquery/jquery-migrate.min.js,/wp-content/plugins/all-in-one-wp-security-and-firewall/includes/simba-tfa/includes/tfa.js?m=1715191553&cb=1

    Using Jetpack plugin with ‘boost’ is that conflicting here?

    Thanks in advance if you have any info on this!

    Giles

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @gilesnr,

    If you are getting 403 Forbidden here, it might be due to a firewall rule. Can you please try disabling the features below one by one, if any are enabled?

    1) REST API – WP Security > Firewall > WP REST API. Can you please cross-check the setting Disallow unauthorized REST requests.
    2) Deny bad query string – WP Security > Firewall > PHP rules tab. Deny bad query strings: uncheck the checkbox and save.
    3) Advanced char filter – WP Security > Firewall > PHP rules tab. Enable advanced character string filter: uncheck the checkbox and save.
    4) 5G firewall rules – WP Security > Firewall > 6G Blacklist firewall rules tab. Enable legacy 5G firewall protection: uncheck the checkbox and save.
    5) 6G firewall rules – WP Security > Firewall > 6G Blacklist firewall rules tab. Enable 6G firewall rules: uncheck the checkbox and save.
    6) WP Security > Firewall > Internet bots ban – Blank HTTP headers: Ban POST requests that have a blank user-agent and referer.

    I will create an internal ticket to check whether there is any conflict with Jetpack Boost.

    Regards

    Hi! OK, I only needed to uncheck 6G firewall rules as all other settings were off but this didn’t seem to help.

    I checked the apache error log and see Apache ‘security2’ errors from modsecurity, maybe this is the cause:

    ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file “/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf”]

    uri: _jb_static

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @gilesnr,

    OK, from the error it is also hard for me to know the exact issue.

    Can you please contact your hosting provider about any conflict with rules/REQUEST-949-BLOCKING-EVALUATION.conf, so that it can be disabled?

    Regards
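
The REQUEST-949-BLOCKING-EVALUATION entry quoted in this thread only records that the request's anomaly score reached the threshold; in a CRS anomaly-scoring setup, the detection rules that added to the score are logged as separate entries carrying the same unique_id. As an added example (not part of the thread or of the plugin's code), this Python script groups Apache error-log lines by unique_id and lists the contributing rules for each blocked request. The sample log lines, the rule ids 10001 and 10002, the rule file name and the host are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Apache error-log tag format used by ModSecurity v2.
# The detection-rule file, ids and msgs are placeholders, not values from the thread.
SAMPLE_LOG = r'''
[client 192.0.2.10] ModSecurity: Warning. Pattern match "x" at REQUEST_URI. [file "/etc/modsecurity/constructed-example.conf"] [id "10001"] [msg "Constructed placeholder rule"] [severity "CRITICAL"] [hostname "example.test"] [uri "/_jb_static/"] [unique_id "REQ-A"]
[client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [hostname "example.test"] [uri "/_jb_static/"] [unique_id "REQ-A"]
[client 192.0.2.11] ModSecurity: Warning. Pattern match "y" at ARGS:q. [file "/etc/modsecurity/constructed-example.conf"] [id "10002"] [msg "Another placeholder rule"] [severity "WARNING"] [hostname "example.test"] [uri "/search"] [unique_id "REQ-B"]
'''

# Matches the [key "value"] tags; [client 192.0.2.10] has no quotes and is skipped.
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse(line):
    """Return the [key "value"] tags of one ModSecurity log line as a dict."""
    return dict(TAG.findall(line))


def blocked_requests(log_text, uri_prefix=""):
    """Map each blocked request's unique_id to the detection rules that scored it."""
    by_request = defaultdict(list)
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue
        tags = parse(line)
        if "unique_id" in tags:
            tags["denied"] = "Access denied" in line
            by_request[tags["unique_id"]].append(tags)

    report = {}
    for uid, entries in by_request.items():
        if not any(e["denied"] for e in entries):
            continue  # scored, but stayed below the blocking threshold
        if not entries[0].get("uri", "").startswith(uri_prefix):
            continue
        # Entries outside the blocking-evaluation file are the rules that added score.
        report[uid] = [(e.get("id"), e.get("msg"), e.get("file"))
                       for e in entries
                       if "BLOCKING-EVALUATION" not in e.get("file", "")]
    return report


if __name__ == "__main__":
    for uid, rules in blocked_requests(SAMPLE_LOG, "/_jb_static").items():
        print(uid, rules)
```

The rule ids it reports are the ones to raise with the hosting provider for a targeted exclusion on the affected URI, rather than disabling the blocking-evaluation file as a whole.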
