Skip to content

Bug: Integer Underflow in TOTP Validation #97

New issue
New issue
Open
#98
Open
Bug: Integer Underflow in TOTP Validation#97
#98
@Laotree

Description

@Laotree
Laotree
opened on Nov 29, 2024

When validating TOTP with Skew > 0 and the current time window counter is 0,
the validation logic attempts to check previous time windows by subtracting
from counter 0, resulting in negative values. This is invalid as HOTP counters
must be non-negative integers.

Example:

  • Current counter = 0
  • Skew = 1
  • Results in checking counters: [0, 1, -1] // -1 is invalid

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions