Issue in reconfiguring two-factor authentication

Administrators can now regenerate QR code for a specific user, which can be used to configure the two-factor authentication again.

What was the problem?

Administrators cannot regenerate a QR code to reset the two-factor authentication. The existing resend QR code functionality which has been sending the same code for two-factor authentication is now enhanced with the 'Regenerate QR Code' capability to help administrators with reconfiguring the two-factor authentication. 

How do I fix it?

This has been fixed in Endpoint Central version 10.1.2228.13 on 13.12.2022. To apply this fix, follow the steps below:

1. Login to your Endpoint Central console, click on your current build number on the top right corner.
2. You'll be able to find the latest build applicable to you. Download the PPM and update.

Once done, you can now regenerate QR code by navigating to Admin > User Administration > Users > Regenerate QR Code in product console.

This vulnerability is not applicable to Endpoint Central Cloud.

Credits

Luke Williams via Endpoint Central's Bug Bounty Program.

Help

For further assistance, please reach out to our support at endpointcentral-support@manageengine.com