PhpMyAdmin 2FA Self-disables after update

This is a serious issue. After updating to a new version of Hestia CP, PhpMyAdmin suddenly looses 2FA settings and can be logged in without the 2FA code.

I wouldnt call it as “serious”, 2FA is an additional protection layer. Serious would be if you could login with a user :slight_smile:.

If you can’t find the bug, please open it in github: Sign in to GitHub · GitHub

We currently delete the phpmyadmin folder and setup a new one. Probally we should update it.

Aha so that’s where the issue is coming from. I hope you can fix it in 1.4.6 because I literally had heart attacks when I saw PhpMyAdmin not have 2FA 2 times. Then figured out that it came from the updates.

Or getting admin access from a standard user :stuck_out_tongue:

We just overwrite it. I don’t know what config is changed but it should be the one located in /etc/phpmyadmin/

It’s pma__userconfig

We should not delete the database only upgrade it after installation.

If you are using Nginx + apache2 try

v-change-sys-db-alias ‘pma’ “phpmyadmin”