
Serious failure in verification

Open TomMettam opened this issue 1 year ago • 1 comments

Hey

Unless I'm hugely missing something, U2F.verifyOTP seems to have a significant flaw.

For example, with a base32_key of VALN YFSX VQNO DANY L3HQ AENO 5FKY 4FMV, U2F.verifyOTP accepts a valid code from my authenticator but it also accepts a low digit, such as 1, 2 or 3, with a delta between -1 and 1.

This doesn't seem to match the behaviour of other online TOTP validators.

TomMettam, Sep 19 '22 22:09

Hi @TomMettam thanks for your issue but I don't see U2F.verifyOTP in the documentation

Which method are you using? How did you generate your base_32 key?

Thanks

akanass, Sep 20 '22 13:09
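For checking the behaviour reported in this thread against a known-good baseline, here is an added example (not part of the thread and not rx-otp's code): an RFC 6238 verifier (HMAC-SHA-1, 30-second step) that refuses any submission that is not exactly six digits before comparing within a delta of -1 to 1. The function names are hypothetical, and the time is passed in explicitly so results are reproducible.

```javascript
const crypto = require("crypto");

// Decode RFC 4648 base32, ignoring spaces and padding (keys are often shown grouped).
function base32Decode(input) {
  const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
  let bits = 0, value = 0;
  const out = [];
  for (const ch of input.replace(/[\s=]/g, "").toUpperCase()) {
    const idx = alphabet.indexOf(ch);
    if (idx < 0) throw new Error("invalid base32 character");
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out);
}

// RFC 4226 HOTP for one counter, returned as a zero-padded string.
function hotp(key, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac("sha1", key).update(msg).digest();
  const off = mac[19] & 0x0f; // dynamic truncation offset
  const bin = mac.readUInt32BE(off) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, "0");
}

// Accept only a full-length digit string that equals the expected code for
// a counter in [-window, +window]. Codes are compared as strings, so a
// submission such as "81804" never matches an expected "081804".
function verifyStrict(token, base32Key, timeMs, digits = 6, period = 30, window = 1) {
  if (typeof token !== "string" || !new RegExp(`^[0-9]{${digits}}$`).test(token)) return false;
  const key = base32Decode(base32Key);
  const counter = Math.floor(timeMs / 1000 / period);
  let ok = false;
  for (let d = -window; d <= window; d++) {
    if (counter + d < 0) continue;
    const expected = Buffer.from(hotp(key, counter + d, digits));
    if (crypto.timingSafeEqual(expected, Buffer.from(token))) ok = true;
  }
  return ok;
}
```

Running the library under test and `verifyStrict` with the same key, timestamp and submitted code shows whether the two disagree on short inputs such as `1`, `2` or `3`.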