[Google Authenticator] One time passwords that start with 0 are not handled correctly

Back to Forums

Coz

Solved

Question

Forge

Hi,

We found a bug in this extension. In case the one time password starts with 0 (there could be more than one 0) the CalculateOneTimePassword method returns the password without the zero(s). It's actually returning an integer.

The RFC 6238 mentioned in the description specifies that those zero(s) should be added:

result = Integer.toString(otp);
while (result.length() < codeDigits) {
 result = "0" + result;
}

Can this be fixed? I don't know how these Forge components are handled, if the owner cannot do it, can somebody else do the fix and publish the component to Forge?

02 Aug 2018

Ricardo Silva

Solution

The code I have is returning a string and adding the 0's at the start:

Can you tell me where you're seeing this behavior? Is it when using the Java version?

03 Aug 2018

Coz

Hi Ricardo,

I checked and apparently there was a confusion from my part. I don't know what GoogleAuthenticator extension we've got installed but it's not this one (or it's an older version).

My apologies.

06 Aug 2018

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.

See the full guidelines