alwaysdata All Projects: Tasklist

	ID	Status	Summary	Opened by
	~~204~~	Closed	~~Title: Expired TOTP Code Accepted – Broken 2FA Validati~~ ...	nexxp	Task Description #Description: During testing, I found that the TOTP code verification does not properly validate the expiry window. Even after waiting for the OTP to expire (30s), I was still able to use the expired code to perform sensitive actions like updating my profile. #Impact: Replay attack possible using previously used OTPs. Weakens 2FA mechanism. May allow attackers to bypass intended security checks. #Steps to Reproduce: Enable 2FA on account. Generate OTP via authenticator app. Wait for 30 seconds until OTP expires. Submit the expired OTP. Server still processes the action (profile updated). #Expected Behavior: The expired OTP should be rejected. #Actual Behavior: Expired OTP is accepted.

~~204~~

Closed

~~Title: Expired TOTP Code Accepted – Broken 2FA Validati~~ ...

Task Description

#Description:
During testing, I found that the TOTP code verification does not properly validate the expiry window. Even after waiting for the OTP to expire (30s), I was still able to use the expired code to perform sensitive actions like updating my profile.

#Impact:

Replay attack possible using previously used OTPs.

Weakens 2FA mechanism.

May allow attackers to bypass intended security checks.

#Steps to Reproduce:

Enable 2FA on account.

Generate OTP via authenticator app.

Wait for 30 seconds until OTP expires.

Submit the expired OTP.

Server still processes the action (profile updated).

#Expected Behavior:
The expired OTP should be rejected.

#Actual Behavior:
Expired OTP is accepted.

Showing tasks 1 - 1 of 1 Page 1 of 1

Available keyboard shortcuts

Alt + ⇧ Shift + l Login Dialog / Logout
Alt + ⇧ Shift + a Add new task
Alt + ⇧ Shift + m My searches
Alt + ⇧ Shift + t focus taskid search

Tasklist

o open selected task
j move cursor down
k move cursor up

Task Details

n Next task
p Previous task
Alt + ⇧ Shift + e ↵ Enter Edit this task
Alt + ⇧ Shift + w watch task
Alt + ⇧ Shift + y Close Task

Task Editing

Alt + ⇧ Shift + s save task