2fas-ios icon indicating copy to clipboard operation
2fas-ios copied to clipboard

Published 20 hours ago verified publisher icon twofas

bug: Incorrect intitial HOTP code

Open adriamontoto opened this issue 7 months ago • 1 comments

Bug type

Error at runtime

App version

5.3.7

Device environment

iOS 17.5.1, iPhone 12 Pro

Bug description

I am facing an issue when generating OTP codes using HMAC. The first OTP code generated by 2FAS Auth does not match the first code generated by Google Authenticator or my python code.

Details:

  • URI: otpauth://hotp/test?secret=NLDCKV3Z7PIWGHFHYEMFWQQN63AU44CP&counter=0

  • Secret Key: NLDCKV3Z7PIWGHFHYEMFWQQN63AU44CP

  • Example: Expected First OTP (Python/Google Authenticator): 695386 (index 0) Actual First OTP (2FAS Auth): 441203 (which matches the second (index 1) OTP in Google Authenticator and my python code) I have tested this with other secret keys and the issue persists.

Comment

This discrepancy suggests that 2FAS Auth might be misaligning the OTP generation sequence or using a different starting point for the HMAC-based OTP calculation.

Solution

No response

Additional context

No response

Acknowledgements

  • [X] This issue is not a duplicate of an existing bug report.
  • [X] I understand that security vulnerabilities should be reported to [email protected] instead of on GitHub.
  • [X] I have chosen an appropriate title.
  • [X] All requested information has been provided properly.

adriamontoto avatar Jul 04 '24 12:07 adriamontoto