Ask for OTP (without2FA users) when show saved passwords in Edge/Chrome

[szolnokit]

I have some windows users, created with:
multiotp -create my_user without2fa
(Some other users use 2FA...)

Windows logins are good. These users can login without ask for OTP.

But if these users try unhide the saved password in Edge/Chrome, asked username/password (this is normal) and multiOTP ask for OTP too. But no 2FA enabled for these usres, and no OTP.

These users unable to show their saved passwords currently.

I think mutiOTP shouldn't ask for an OTP if the user has 2FA disabled.

multiOTPWithout2FA value in registry is 1.

[multiOTP]

Hello,
We will fix that in the next release.
Regards,

[multiOTP]

Hello, we found the source of the problem. It's due to folder restriction.
If you have a multiOTP server, here is a workarround until we publish a new version. On the computers with the credential provider installed, adapt the folder rights like this :
c:\program files\multiOTP add read access to authenticated users
c:\program files\multiOTP\multiotp.exe add read and execute right to authenticated users
c:\program files\multiOTP\config NO read access for authenticated users
c:\program files\multiOTP\php add read and execute right to authenticated users
c:\program files\multiOTP\template NO read access for authenticated users
c:\program files\multiOTP\tokens NO read access for authenticated users
c:\program files\multiOTP\users NO read access for authenticated users

Can you please tell us if it works that way ?

Best regards