Open Zeecka opened 1 year ago
One of my user broke his phone today and lost his MFA client. As an administrator, I'd like to disable his MFA (and bind it later with a new client).
Let me know if you consider this feature as a security issue.
Manual fix:
$ docker exec -it mongo-pwndoc /bin/sh $ mongo # mongo shell in container > use pwndoc; # change current db > db.users.update({"username":"mylogin"},{$set:{"totpEnabled":false}}); # Edit user totp
One of my user broke his phone today and lost his MFA client. As an administrator, I'd like to disable his MFA (and bind it later with a new client).
Let me know if you consider this feature as a security issue.