I am running GitLab CE 15.10.3.
I am experienced with GitLab; I have been running it for about 12 years now.
We all use MFA for login. Now, everyone’s MFA is broken. GitLab just keeps repeating “Invalid two-factor code” even though we are all 100% certain our codes are correct. Using recovery codes also does not work. There is just one account (thank goodness) that I have that uses WebAuthn, so I am able to log in using that.
If I go to any account and try to disable MFA, it says: “Two-factor authentication has been disabled successfully!” “Two-factor authentication: Status Enabled”
No one is able to use the system now, EVEN USERS WHO NEVER HAD MFA.
Even users without MFA are getting prompted to enter their verification code, which of course fails.
I’m at a complete loss!
I have a backup of the server, but I think that’s going to be a waste too, because it will point to old YubiKeys which I no longer have!