otpauth@3.0.7 vulnerabilities

One Time Password (HOTP/TOTP) library for Node.js, Deno, Bun and browsers

Direct Vulnerabilities

Known vulnerabilities in the otpauth package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Authentication Bypass

otpauth is an One Time Password (HOTP/TOTP) authentication library for Node.js and browser.

Affected versions of this package are vulnerable to Authentication Bypass. The totp.validate() function may return positive values for single digit tokens even if they are invalid. This may allow attackers to bypass the OTP authentication by providing single digit tokens.

How to fix Authentication Bypass?

Upgrade otpauth to version 3.2.8 or higher.

<3.2.8