[RADIATOR] Bug in HOTP verification
Gopstein, Richard
richard.gopstein at bms.com
Thu Apr 16 13:00:42 CDT 2009
Authentication fails for HOTP values with a leading zero.
In AuthSQLHOTP.pm,
if ($hotp eq $code)
{
$found++;
$bad_logins = 0;
($counter_high, $counter_low) = ($temp_high, $temp_low);
last;
}
}
Fails the string to numeric comparison when there is a leading zero. Setting $hotp = sprintf("%06d",$hotp) fixes the symptom.
Rich
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20090416/de0ecc28/attachment.html>
More information about the radiator
mailing list