multiOTP / multiOTPCredentialProvider

multiOTP Credential Provider is a V2 Credential Provider for Windows 7/8/8.1/10/2012(R2)/2016 with options like RDP only and UPN name support
Apache License 2.0

MultiOTP Credential Provider + Continent TLS 2.0 #51

Closed Uncert closed 2 years ago

Uncert commented 2 years ago

Hello everybody! We use MultiOTP + MultiOTP Credential Provider 5.8.4.0 and another system for providing secure remote access to web applications using GOST encryption algorithms (https://www.securitycode.ru/download_center/?section=downloads&product=%D0%9A%D0%BE%D0%BD%D1%82%D0%B8%D0%BD%D0%B5%D0%BD%D1%82%20TLS).

I noticed strange work with the installed provider. When I try to log in to sites using Continent TLS, I get a blank Windows snap-in for choosing a certificate. When using provider version 5.8.1.1 - everything works fine.

https://ibb.co/kBYr5Bg - image error

multiOTP commented 2 years ago

Hello, we don't understand the complete process you are using. Could it be possible to provide us a test infrastructure in order to understand the flow and the process? Regards,

Uncert commented 2 years ago

Yes, of course, I will prepare and record a video of the process on a completely clean system.

multiOTP commented 2 years ago

Ok, thx.

JoseLuisCaHu commented 2 years ago

Have you found a solution? I have the same problem with the Windows certificates dialog: it doesn't show the password textbox or the Allow button when Multiotp Credential Provider is installed. I am using version 5.8.5.1 but it happens with 5.8.4.0 too.

With MOTP Credential Provider installed: [image]

Without MOTP Credential Provider installed: [image]

Uncert commented 2 years ago

The solution has not yet been found, while we had a huge influx of work and I did not even have time to prepare a test bench ...

JoseLuisCaHu commented 2 years ago

I have found a temporary solution. It does not happen if you change the value of the "EnableLUA" registry key to 0 in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" or by disabling the entry "User Account Control: Run all administrators in Admin Approval Mode" in a GPO in "Computer Configuration -> Policies -> Security Settings -> Local Policies -> Security Options".

multiOTP commented 2 years ago

Thanks for the temporary solution. As soon as we have access to Uncert's test computer we will have a look at what is going on. Best regards

JoseLuisCaHu commented 2 years ago

The issue still occurs with non-administrator users despite applying the temporary solution. I have found it happens because non-administrator users don't have read permissions on registry key HKEY_CLASSES_ROOT\CLSID\{FCEFDFAB-B0A1-4C4D-8B2B-4FF4E0A3D978}. It is solved by giving them read permission.

multiOTP commented 2 years ago

Thanks for the fix @JoseLuisCaHu. The fact that the user must have read access to the registry key HKEY_CLASSES_ROOT\CLSID\{FCEFDFAB-B0A1-4C4D-8B2B-4FF4E0A3D978} seems to be an issue only with Continent TLS 2.0. Therefore, we will not change the installation process on our side. Regards
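
The two workarounds reported in the comments above (the `EnableLUA` setting and read access to the provider's CLSID key) can be checked on a machine without changing anything. The PowerShell below is an added example, not code from this thread or from the multiOTP project. The function names and the list of well-known SIDs are assumptions made for illustration, and the key path assumes the usual `HKCR\CLSID\{GUID}` layout.

```powershell
# Added example (not from the thread): read-only audit of both workarounds.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
# GUID as quoted in the thread; the usual HKCR\CLSID\{GUID} layout is assumed.
$ClsidKey  = 'Registry::HKEY_CLASSES_ROOT\CLSID\{FCEFDFAB-B0A1-4C4D-8B2B-4FF4E0A3D978}'
# Well-known SIDs that cover standard (non-administrator) users.
$UserSids  = @{ 'S-1-5-32-545' = 'BUILTIN\Users'
                'S-1-5-11'     = 'Authenticated Users'
                'S-1-1-0'      = 'Everyone' }

function Get-UacState {
    # EnableLUA = 0 switches off Admin Approval Mode (UAC) for the whole machine.
    $p = Get-ItemProperty -LiteralPath $PolicyKey -Name EnableLUA -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'NotSet' }
    if ($p.EnableLUA -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Get-UserReadGrants {
    param([Parameter(Mandatory)][string]$Path)
    # Emits the names of standard-user principals holding an effective Allow ACE with ReadKey.
    # Limitation: Deny ACEs and custom group membership are not evaluated.
    $read  = [int][System.Security.AccessControl.RegistryRights]::ReadKey
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
                 $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        # Inherit-only ACEs apply to subkeys, not to this key itself.
        $inheritOnly = [bool]($ace.PropagationFlags -band
                       [System.Security.AccessControl.PropagationFlags]::InheritOnly)
        if ($ace.AccessControlType -eq 'Allow' -and -not $inheritOnly -and
            $UserSids.ContainsKey($sid) -and
            (([int]$ace.RegistryRights -band $read) -eq $read)) {
            $UserSids[$sid]
        }
    }
}

"UAC (EnableLUA): $(Get-UacState)"
if (Test-Path -LiteralPath $ClsidKey) {
    $grants = @(Get-UserReadGrants -Path $ClsidKey | Sort-Object -Unique)
    if ($grants.Count) { "CLSID key readable by: $($grants -join ', ')" }
    else { 'CLSID key: no read grant for standard users found' }
} else {
    'CLSID key not found (provider not installed?)'
}
```

A result of `Disabled` for UAC means the first workaround is in place on that machine; the second line shows whether the narrower read-permission fix has been applied.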