Visual bug(?) allowing me to log in with "incorrect" TOTP code #74

Closed
noClaps opened this issue Jun 23, 2022 · 3 comments · Fixed by #78

noClaps commented Jun 23, 2022

I recently reinstalled the app, and so I had to log in to my account again. I entered my username and password correctly.

When it came to the TOTP screen, I switched to my authenticator app and copied the code. When I switched back, I went to type it in manually, and typed in the first 2 characters. I then noticed the prompt to fill it in at the bottom, and so I did, but it didn't overwrite the first 2 characters I put in, it just added the code to it.

For example, if my code was 123456, I would have manually typed in 12, then seen the prompt at the bottom and clicked on it, and it would fill in the other 4 characters with 1234, making the code on the screen 121234.

This understandably gave me the "TOTP incorrect" error, but only for a second before it logged me into the app. I even got an email saying there was an unsuccessful attempt to log in to my SimpleLogin account, and that the TOTP was incorrect.

After further testing with what it would and wouldn't accept, I found that you do require the correct code to be autofilled from the prompt for it to work, which makes me think it's a visual bug and the manually typed numbers aren't getting deleted on screen. However, this does make me curious about the email I got.

Steps to reproduce:

  1. Open SimpleLogin app and log in with credentials
  2. On TOTP screen, copy the code from your authenticator app. I used Aegis so it just let me tap on the SimpleLogin entry to copy.
  3. Type in a few random numbers (up to 5), and then click on the prompt below to autofill the copied TOTP code.
  4. Incorrect TOTP code warning will flash for a second before the app will close. Reopening the app will show you that you are logged in and can see your aliases.
  5. I also received an email the first time saying there was an unsuccessful attempt to log in, but did not receive anything on subsequent attempts.

Android version: 12
App version: simplelogin-playstore-1.14.1.apk


noClaps commented Jul 1, 2022

Persists in SimpleLogin 1.15.0.

I received the unsuccessful attempt email again when I tested on the new version.

@nguyenkims
Collaborator

@ntnhon @cquintana92 do you know if this is a known issue?

@cquintana92
Collaborator

I think I've found the issue. Will create a PR for fixing it in the next release 👍
