diff --git a/lib/private/legacy/json.php b/lib/private/legacy/json.php
index d201d69723e808d9d462b018224ca82948eee9ab..1dde63602b1f2fb5c1fcc915235f1981d0b06197 100644
--- a/lib/private/legacy/json.php
+++ b/lib/private/legacy/json.php
@@ -64,7 +64,9 @@ class OC_JSON{
 	 * @deprecated Use annotation based ACLs from the AppFramework instead
 	 */
 	public static function checkLoggedIn() {
-		if( !OC_User::isLoggedIn()) {
+		$twoFactorAuthManger = \OC::$server->getTwoFactorAuthManager();
+		if( !OC_User::isLoggedIn()
+			|| $twoFactorAuthManger->needsSecondFactor()) {
 			$l = \OC::$server->getL10N('lib');
 			http_response_code(\OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
 			self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
diff --git a/lib/private/legacy/util.php b/lib/private/legacy/util.php
index a863348566e60e3d7d52d10134da889a481c334f..65d00c16388da7fadf2701523ccb0f93e1212488 100644
--- a/lib/private/legacy/util.php
+++ b/lib/private/legacy/util.php
@@ -970,6 +970,11 @@ class OC_Util {
 			);
 			exit();
 		}
+		// Redirect to index page if 2FA challenge was not solved yet
+		if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor()) {
+			header('Location: ' . \OCP\Util::linkToAbsolute('', 'index.php'));
+			exit();
+		}
 	}
 
 	/**