rx-otp
rx-otp copied to clipboard
Serious failure in verification
Hey
Unless i'm hugely missing something, Ù2F.verifyOTP
seems to have a significant flaw..
For example, with a base32_key
of VALN YFSX VQNO DANY L3HQ AENO 5FKY 4FMV
, U2F.verifyOTP accepts a valid code from my authenticator but it also accepts a low digit, such as 1
, 2
or 3
, with a delta between -1 and 1.
This doesn't seem to match the behaviour of other online TOTP validators.
Hi @TomMettam thanks for your issue but I don't see U2F.verifyOTP
in the documentation
Which method are you using? How did you generate your base_32
key?
Thanks