pwndoc / pwndoc

Pentest Report Generator
https://pwndoc.github.io/pwndoc
MIT License
2.22k stars 417 forks

Administrator can't disable account MFA #407

Open Zeecka opened 1 year ago

Zeecka commented 1 year ago

One of my users broke his phone today and lost his MFA client. As an administrator, I'd like to disable his MFA (and bind it later with a new client).


Let me know if you consider this feature as a security issue.

Zeecka commented 1 year ago

Manual fix:

$ docker exec -it mongo-pwndoc /bin/sh   # open a shell inside the MongoDB container
$ mongo                                  # mongo shell in container
> use pwndoc;                            # change current db
> db.users.update({"username":"mylogin"},{$set:{"totpEnabled":false}});   # disable TOTP for that user (update() is the legacy shell form; newer shells use updateOne())
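The same reset as a non-interactive script, added here as an example; it is neither pwndoc's code nor the poster's. It assumes what the thread shows (container `mongo-pwndoc`, database `pwndoc`, collection `users`, field `totpEnabled`, and the legacy `mongo` shell inside the container) and adds what a practitioner would want before running this on a production database: the username is validated before it is interpolated into the mongo-shell JavaScript, the user's TOTP state is shown before and after, and the update result is printed so a typo in the username shows up as `matchedCount: 0` instead of a silent no-op.

```shell
#!/bin/sh
# Added example (not pwndoc's own tooling): reset one user's TOTP from outside
# the container. Assumptions taken from the issue thread, not verified against
# the project: container "mongo-pwndoc", db "pwndoc", collection "users",
# field "totpEnabled", legacy "mongo" shell available in the container.
CONTAINER="${CONTAINER:-mongo-pwndoc}"
DB="${DB:-pwndoc}"

# Accept only a conservative username charset. The name is interpolated into
# JavaScript handed to the mongo shell, so quotes, braces or semicolons in it
# would be executed against the database rather than matched as a username.
validate_username() {
  case "$1" in
    '') return 1 ;;
    *[!A-Za-z0-9._@-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# JavaScript that disables TOTP for one user and prints the update result,
# so a username that matches nothing is visible (matchedCount: 0).
disable_totp_js() {
  printf 'var r = db.users.updateOne({username: "%s"}, {$set: {totpEnabled: false}}); printjson(r);' "$1"
}

# JavaScript that shows the user's current TOTP flag (used before and after).
show_totp_js() {
  printf 'printjson(db.users.findOne({username: "%s"}, {_id: 0, username: 1, totpEnabled: 1}));' "$1"
}

# Run a JS snippet non-interactively inside the MongoDB container.
run_mongo() {
  docker exec -i "$CONTAINER" mongo --quiet "$DB" --eval "$1"
}

main() {
  user="$1"
  if ! validate_username "$user"; then
    echo "refusing username '$user': only [A-Za-z0-9._@-] allowed" >&2
    exit 2
  fi
  echo "before:"; run_mongo "$(show_totp_js "$user")"
  run_mongo "$(disable_totp_js "$user")"
  echo "after:";  run_mongo "$(show_totp_js "$user")"
}

# Only act when a username is given on the command line:
#   sh reset-totp.sh mylogin
if [ "$#" -gt 0 ]; then
  main "$1"
fi
```

This only clears the enabled flag, exactly as the manual fix above does; if your deployment keeps the enrolled secret in a separate field, consider clearing that too so a later re-enrolment cannot silently reuse the old one. Treat the script as a privileged recovery action: run it from an audited admin host and record who requested the reset and why.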