otpauth@3.2.3 vulnerabilities

One Time Password (HOTP/TOTP) library for Node.js, Deno, Bun and browsers

Direct Vulnerabilities

Known vulnerabilities in the otpauth package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Authentication Bypass (severity: H)
Vulnerable versions: <3.2.8

otpauth is a One Time Password (HOTP/TOTP) authentication library for Node.js and the browser.

Affected versions of this package are vulnerable to Authentication Bypass. The totp.validate() function may return positive values for single digit tokens even if they are invalid. This may allow attackers to bypass the OTP authentication by providing single digit tokens.

How to fix Authentication Bypass?

Upgrade otpauth to version 3.2.8 or higher.