Check your white space in the file guacamole.properties
*Thank You*
Sean Hulbert
*Security Centric Inc.*
A Cybersecurity Virtualization Enablement Company
/StormCloud Gov, Protected CUI Environment!/
Industry's most secure CMMC/iTAR virtual desktops!
*/FedRAMP MIL4 in process (RAR)/*
System Award Management
*CAGE: 8AUV4*
*SAM ID: UMJLJ8A7BMT3*
AFCEA San Francisco Chapter President
If you have heard of a hacker by name, he/she has failed, fear the
hacker you haven’t heard of!
CONFIDENTIALITY NOTICE: This communication with its contents may contain
confidential and/or legally privileged information. It is solely for the
use of the intended recipient(s). Unauthorized interception, review, use
or disclosure is prohibited and may violate applicable laws including
the Electronic Communications Privacy Act. If you are not the intended
recipient, please contact the sender and destroy all copies of the
communication. Content within this email communication is not legally
binding as a contract and no promises are guaranteed unless in a formal
contract outside this email communication.
igitur qui desiderat pacem, praeparet bellum!!!
Epitoma Rei Militaris
On 2/14/2025 12:08 AM, Skyrpan, Roman wrote:
Hello everyone,
I encountered an unexpected issue.
Apache Guacamole 1.5.5 is installed.
Authentication is done via LDAP, followed by two-factor authentication
using TOTP.
The problem occurs at the two-factor authentication stage when the QR
code and the associated secret key information are displayed. At the
end of the secret key, |====| is appended.
On Android devices, Google Authenticator and other apps work fine—both
when scanning the QR code and when manually entering the key. However,
on Apple devices, the same Google Authenticator throws an error when
scanning the QR code, and when entering the key manually, it generates
completely incorrect codes for login.
The only modification made to the |guacamole.properties| file was
adding |totp-mode sha256|.
After discovering the issue, I tested all available encryption methods
and digit lengths, as well as regenerated the TOTP secret completely,
but nothing changed.
Has anyone encountered this issue before?
Kind regards
Roman
