Jump to content
Enpass Discussion Forum

[6.3.0] TOTP Broken


Dianoga

Recommended Posts

I updated to the latest version of Enpass this morning and it appears there is an issue with TOTP generation. All my accounts that have a secret stored are now reporting "Invalid TOTP Secret".

I tried disabling 2fa for one of those accounts and setting it up again with the same result. I have backup codes I can use for a very brief period, but this is a pretty significant issue.

Additional info after further testing:

It looks like it may not like it when there are spaces in the secret. When I tried setting it up again using the QR code and Enpass 6.2 on Android it generates codes as expected.

Edited by Dianoga
Did more testing
Link to comment
Share on other sites

same problem here, removing the spaces fixed the issue. VERY scary as i could have lost access to some important accounts. Enpass always ignored spaces before, it should continue to do so. why was this changed and why wasn't this caught in testing? little, but very important, mistakes like this make me very wary of upgrading in the future!

  • Like 1
Link to comment
Share on other sites

This has affected everyone i know who is using Enpass.

Come on Devs, you can't be making mistakes like this which can potentially lock everyone out of all of their accounts. Some people have got hundreds of passwords and it could take days to resolve login issues like this, even per account to regain access.

 

This is a really poor show!

 

Link to comment
Share on other sites

@Ankur Gupta As you commented in the thread and is a part of the "enpass" team....

Now after some more posts, you can see you do not  need any samples as the problem is 100% clear.

Please say something!

How can you act so slow for such a critical incident? We could at least expect a fast reply that you are sorry for the bug and will go for a quick fix. Why this silence? Show us that you care for your customers! 

 

/Peo

Link to comment
Share on other sites

On 11/19/2019 at 1:17 PM, neolidas said:

i have removed the blank characters from the codes then TOTP works again

Cheers m8, worked on my end.

On 11/20/2019 at 11:21 AM, pos said:

We have 10 users with this problem after the latest update!

Bad testing procedure Enpass!

10 that submitted the error, I'm sure countless others are having the problem as well. Bad testing for sure, but it's happened before and probably won't stop here, sadly the developers don't seem very focused imo.

On 11/20/2019 at 9:38 PM, scottjl said:

same problem here, removing the spaces fixed the issue. VERY scary as i could have lost access to some important accounts. Enpass always ignored spaces before, it should continue to do so. why was this changed and why wasn't this caught in testing? little, but very important, mistakes like this make me very wary of upgrading in the future!

Gatta setup backup codes, without them, I'd freak out.

Link to comment
Share on other sites

On 11/24/2019 at 2:53 AM, Pete said:

Cheers m8, worked on my end.

10 that submitted the error, I'm sure countless others are having the problem as well. Bad testing for sure, but it's happened before and probably won't stop here, sadly the developers don't seem very focused imo.

Gatta setup backup codes, without them, I'd freak out.

Same problem for me. I reported the issue via email. At the same time it’s good to have a recovery way, so I suggest using https://github.com/moldabekov/gauth for that cases. At least it saved me.

Edited by Mark I
Link to comment
Share on other sites

On 11/19/2019 at 11:36 PM, Ankur Gupta said:

Hi guys,

Sorry for the inconvenience caused to you. We are not able to reproduce the issue.

Could you please create a sample TOTP URL secret for that particular website to check if that works? if it still fails, please share that sample URL so that we can investigate the issue.

Thanks.

hello Ankunr

it is showing invalid totp in case of Secret having Spaces 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...