If i go into WHMCS>Setup>Servers>Virtualmin Server and click on “Login to Control Panel”, whmcs is completely bypassing Virtualmins 2 factor Authentication!
This should not be happening…I have not setup the API key, so WHMCS is only using the root user name and password to login. It should hit the 2 factor authentication wall and stop until that key is entered!
I appreciate that whmcs is using the Virtualmin REMOTE CGI, however, surely 2 factor authentication procedures should still be in effect? What if someone hacks whmcs? They now have the ability to gain full access to my webserver as well by simply clicking on that link inside whmcs?
Anyone else experiencing this issue?