Check Yubikey OTP length before validating #3746
Comments
In addition to all OTP values where we know how long the OTP value should be, we could...
This can only happen with otppin=none
I have created a little test for different errors from
We have no way of telling a user what is wrong because we do not interpret the return value: privacyidea/privacyidea/lib/token.py Lines 2030 to 2035 in a1b187f
Should we implement this for TOTP, HOTP, SMS and email too?
According to the docs the Yubikey OTP is always 44 chars long (https://developers.yubico.com/OTP/OTPs_Explained.html).
We can check the length of the given OTP before doing any further validation (this is also true for HOTP/TOTP/Email/SMS token).
That way we can identify possible broken input before getting cryptic errors like "CRC checksum failed".
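The pre-validation check proposed above, as an added example that is not privacyIDEA's own code. It goes beyond the length test by also checking the modhex alphabet, so malformed input is reported with a readable reason before any decryption or CRC step. The function names, the `OTPFormatError` type and the `otplen` parameter are hypothetical, and the code assumes any PIN has already been separated from the OTP value.

```python
import string

MODHEX = "cbdefghijklnrtuv"   # Yubico modhex alphabet; position = hex digit 0-f
HEX = "0123456789abcdef"
YUBIKEY_OTP_LEN = 44          # length given in the issue text
PUBLIC_ID_LEN = 12            # assumption: default Yubico layout, 12 + 32 characters


class OTPFormatError(ValueError):
    """Hypothetical error type: the OTP is malformed, no crypto was attempted."""


def precheck_yubikey_otp(otp):
    """Return (public_id, encrypted_bytes) or raise OTPFormatError with a reason."""
    otp = otp.strip().lower()  # assumption: tolerate Caps Lock and stray whitespace
    if len(otp) != YUBIKEY_OTP_LEN:
        raise OTPFormatError("Yubikey OTP has %d characters, expected %d"
                             % (len(otp), YUBIKEY_OTP_LEN))
    bad = sorted(set(otp) - set(MODHEX))
    if bad:
        raise OTPFormatError("Yubikey OTP contains non-modhex characters: %r" % "".join(bad))
    encrypted_hex = otp[PUBLIC_ID_LEN:].translate(str.maketrans(MODHEX, HEX))
    return otp[:PUBLIC_ID_LEN], bytes.fromhex(encrypted_hex)


def precheck_numeric_otp(otp, otplen=6):
    """Same idea for HOTP/TOTP/SMS/email values; otplen is the token's configured length."""
    if len(otp) != otplen:
        raise OTPFormatError("OTP has %d characters, expected %d" % (len(otp), otplen))
    if not all(c in string.digits for c in otp):
        raise OTPFormatError("OTP contains non-digit characters")
    return otp


if __name__ == "__main__":
    # Constructed sample value, not a real token's output.
    sample = "ccccccbcgujh" + "cbdefghijklnrtuv" * 2
    print(precheck_yubikey_otp(sample))
    for broken in (sample[:-1], sample[:-1] + "a"):
        try:
            precheck_yubikey_otp(broken)
        except OTPFormatError as err:
            print("rejected:", err)
```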