Fixed TFA can still be configured even if disabled via config.php

K

Kirby

Well-known member
Affected version
2.2.9
If TFA is disabled via config.php $config['enableTfa'] ) false; and users to have permission to use TFA, they can still configure it but it does not have any effect.

This is confusing and might/will lead users to believe there accout is protected while in fact it is not.

Therefore I think it should not be possible to confgure TFA if it is disabled via config.php
 
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.12).

Change log:
Prevent configuration of two-factor authentication when it is disabled via the config.php switch
Click to expand...
There may be a delay before changes are rolled out to the XenForo Community.
 

Similar threads

K
Fixed Account menu link "Your content" gives confusing error message if search engine is disabled
Replies
1
Views
917
XF Bug Bot
XF Bug Bot
K
CSS for disabled styles can be accessed by everyone
Replies
3
Views
674
Xon
X
R
Abstracted permissions sometimes return false even if permissionID is set to true
Replies
0
Views
265
RisteDimitrievski
R
pegasus
Addon Templates Still Render While Addon Disabled
Replies
2
Views
810
Xon
X
X
Fixed convert-utf8mb4 doesn't check if fullUnicode is already set before recommending it should be set
Replies
1
Views
811
XF Bug Bot
XF Bug Bot
Top Bottom