Upgraded to 5.8.1 and authentication now fails for all users?
Upgraded to 5.8.1 on the VM version by copying the new files over the original and it's stopped working...
All users are failing authentication. If I test locally from the GUI I get 'failed (99 ERROR: Authentication failed (and other possible unknown errors))'.
Not sure how to debug it?
Comments
A new 5.8.1.1 version was published immediately on GitHub on 2021-03-14, before noon.
The bug details are below:
The OTP tokens are calculated based on:
- a secret key per token
- an incremental counter
For HOTP tokens, the counter is simply incrementing each time we ask for a new code to display.
For TOTP tokens (like the tokens used in almost all cases now), the counter value is the Unix Epoch (number of elapsed seconds since 01.01.1970) divided by a time window (most of the time 30 or 60). This will generate a new code every 30 or 60 seconds.
Based on the secret key and the incremental counter, an OTP is calculated, based on a hash-based message authentication code (generally HMAC-SHA1). The data is obtained by transforming the counter into a sequence of unsigned chars.
After running a lot of unit tests on the non-patched (5.8.1.0) version on our side, we found that the problem occurs from 2021-03-13 14:20:00 to 2021-03-18 03:08:00 (for the 30-second tokens).
The multibyte version of the native string length function was faulty in some cases, and we have replaced it with the non-multibyte version of the native string length function.
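The calculation described in the comment above, as an added example that is not part of the original thread and not the project's own code. It packs the counter into 8 unsigned chars, computes the HMAC-SHA1 code, and shows how a multibyte-aware length can disagree with the byte count for some counters; `char_length` is an assumed, simplified model of such a function (UTF-8 lead-byte counting), the UTC+1 offset used to print timestamps is also an assumption, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone

def counter_bytes(counter: int) -> bytes:
    """Counter as 8 unsigned chars, big-endian (RFC 4226)."""
    return struct.pack(">Q", counter)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, counter_bytes(counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    return hotp(secret, unix_time // step, digits)

def char_length(data: bytes) -> int:
    """ASSUMED model of a multibyte length: one char per UTF-8 lead byte."""
    i = n = 0
    while i < len(data):
        b = data[i]
        if 0xC2 <= b <= 0xDF:
            i += 2
        elif 0xE0 <= b <= 0xEF:
            i += 3
        elif 0xF0 <= b <= 0xF4:
            i += 4
        else:
            i += 1
        n += 1
    return n

def miscount_window(start_counter: int):
    """First run of counters >= start whose char length is not 8 (end exclusive)."""
    first = start_counter
    while char_length(counter_bytes(first)) == 8:
        first += 1
    end = first
    while char_length(counter_bytes(end)) != 8:
        end += 1
    return first, end

def as_local(counter: int, step: int = 30, utc_offset_hours: int = 1) -> str:
    # UTC+1 is an assumption; the comment does not state a timezone.
    tz = timezone(timedelta(hours=utc_offset_hours))
    return datetime.fromtimestamp(counter * step, tz).strftime("%Y-%m-%d %H:%M:%S")
```

Under those two assumptions, the first miscounted run of 30-second counters after 2021-03-01 is the range whose seventh byte is 0xC2 to 0xF4, which `as_local` prints as 2021-03-13 14:20:00 to 2021-03-18 03:08:00.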