Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Writing TOTP15 overwrites HOTP1 #91

Open
szszszsz opened this issue Jun 22, 2019 · 0 comments · May be fixed by #93
Open

Writing TOTP15 overwrites HOTP1 #91

szszszsz opened this issue Jun 22, 2019 · 0 comments · May be fixed by #93
Assignees
Labels
bug prio:high Makes the device difficult to use, or insecure.
Milestone

Comments

@szszszsz
Copy link
Member

szszszsz commented Jun 22, 2019

Writing TOTP15 slot overwrites HOTP1, and vice versa. Code corrected to use the 3rd additional OTP slot page fixes the issue, but makes the TOTP not working at all (all TOTP tests fail; TOTP slots details seem to not be writeable).

Frequency: always
Version: current master - pre-v0.54-3-7-gb127c51 / b127c51.

Branch with fix: 91-otp_issue
Added tests to libnitrokey (current master) for quick reproduction. Names:

  • test_OTP_all_rw
  • test_edge_OTP_slots

CC @NKelias

@szszszsz szszszsz added bug prio:high Makes the device difficult to use, or insecure. labels Jun 22, 2019
@szszszsz szszszsz added this to the v0.54 milestone Jun 22, 2019
szszszsz added a commit that referenced this issue Jun 24, 2019
Workaround for issue #91
To be removed in further release.

Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
szszszsz added a commit that referenced this issue Jun 24, 2019
Workaround for issue #91
To be removed in further release.

Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
szszszsz added a commit that referenced this issue Jun 24, 2019
Workaround for issue #91
To be removed in the further release.

Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
szszszsz added a commit that referenced this issue Jun 24, 2019
Block write to TOTP#15.
This is a temporary workaround for #91.
@szszszsz szszszsz modified the milestones: v0.54, v0.55 Jun 24, 2019
@NKelias NKelias linked a pull request Jun 25, 2019 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug prio:high Makes the device difficult to use, or insecure.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants