Jump to content
Dianoga

[6.3.0] TOTP Broken

Recommended Posts

I updated to the latest version of Enpass this morning and it appears there is an issue with TOTP generation. All my accounts that have a secret stored are now reporting "Invalid TOTP Secret".

I tried disabling 2fa for one of those accounts and setting it up again with the same result. I have backup codes I can use for a very brief period, but this is a pretty significant issue.

Additional info after further testing:

It looks like it may not like it when there are spaces in the secret. When I tried setting it up again using the QR code and Enpass 6.2 on Android it generates codes as expected.

Edited by Dianoga
Did more testing

Share this post


Link to post
Share on other sites

Hi guys,

Sorry for the inconvenience caused to you. We are not able to reproduce the issue.

Could you please create a sample TOTP URL secret for that particular website to check if that works? if it still fails, please share that sample URL so that we can investigate the issue.

Thanks.

Share this post


Link to post
Share on other sites

Same issue, removing spaces from the stored secret resolves the issue. This is a regression as spaces were previously ignored.

Note that many web sites and apps generate TOTP secrets with spaces in them. Having to manually remove the spaces is a pain.

  • Like 1

Share this post


Link to post
Share on other sites

same problem here, removing the spaces fixed the issue. VERY scary as i could have lost access to some important accounts. Enpass always ignored spaces before, it should continue to do so. why was this changed and why wasn't this caught in testing? little, but very important, mistakes like this make me very wary of upgrading in the future!

  • Like 1

Share this post


Link to post
Share on other sites

This has affected everyone i know who is using Enpass.

Come on Devs, you can't be making mistakes like this which can potentially lock everyone out of all of their accounts. Some people have got hundreds of passwords and it could take days to resolve login issues like this, even per account to regain access.

 

This is a really poor show!

 

Share this post


Link to post
Share on other sites

@Ankur Gupta As you commented in the thread and is a part of the "enpass" team....

Now after some more posts, you can see you do not  need any samples as the problem is 100% clear.

Please say something!

How can you act so slow for such a critical incident? We could at least expect a fast reply that you are sorry for the bug and will go for a quick fix. Why this silence? Show us that you care for your customers! 

 

/Peo

Share this post


Link to post
Share on other sites

Same Problem here ...

This error is an absolute no-go!

 

On 11/19/2019 at 7:17 PM, neolidas said:

i have removed the blank characters from the codes then TOTP works again

That works, thank you!

Share this post


Link to post
Share on other sites
On 11/19/2019 at 1:17 PM, neolidas said:

i have removed the blank characters from the codes then TOTP works again

Cheers m8, worked on my end.

On 11/20/2019 at 11:21 AM, pos said:

We have 10 users with this problem after the latest update!

Bad testing procedure Enpass!

10 that submitted the error, I'm sure countless others are having the problem as well. Bad testing for sure, but it's happened before and probably won't stop here, sadly the developers don't seem very focused imo.

On 11/20/2019 at 9:38 PM, scottjl said:

same problem here, removing the spaces fixed the issue. VERY scary as i could have lost access to some important accounts. Enpass always ignored spaces before, it should continue to do so. why was this changed and why wasn't this caught in testing? little, but very important, mistakes like this make me very wary of upgrading in the future!

Gatta setup backup codes, without them, I'd freak out.

Share this post


Link to post
Share on other sites
On 11/24/2019 at 2:53 AM, Pete said:

Cheers m8, worked on my end.

10 that submitted the error, I'm sure countless others are having the problem as well. Bad testing for sure, but it's happened before and probably won't stop here, sadly the developers don't seem very focused imo.

Gatta setup backup codes, without them, I'd freak out.

Same problem for me. I reported the issue via email. At the same time it’s good to have a recovery way, so I suggest using https://github.com/moldabekov/gauth for that cases. At least it saved me.

Edited by Mark I

Share this post


Link to post
Share on other sites
On 11/19/2019 at 11:36 PM, Ankur Gupta said:

Hi guys,

Sorry for the inconvenience caused to you. We are not able to reproduce the issue.

Could you please create a sample TOTP URL secret for that particular website to check if that works? if it still fails, please share that sample URL so that we can investigate the issue.

Thanks.

hello Ankunr

it is showing invalid totp in case of Secret having Spaces 

Share this post


Link to post
Share on other sites

Hi All,

Sorry for the trouble you are going through.

We are already aware of this issue and our Dev team is working on it. Hopefully, fix will be available very soon. Till then, we will request you to please co-operate with us.

Thanks!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...