From 89f6c07ce37e4f4038962696bfb02bd168749005 Mon Sep 17 00:00:00 2001 From: Jamie Cameron Date: Tue, 18 Jan 2022 22:26:06 -0800 Subject: [PATCH] Twofactor token can be 16, 26 or 32 characters --- webmin/twofactor-funcs-lib.pl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/webmin/twofactor-funcs-lib.pl b/webmin/twofactor-funcs-lib.pl index 5d4195fc6..470567b94 100644 --- a/webmin/twofactor-funcs-lib.pl +++ b/webmin/twofactor-funcs-lib.pl @@ -176,7 +176,8 @@ sub show_twofactor_form_totp { my ($user) = @_; my $secret = $user->{'twofactor_id'}; -$secret = undef if ($secret !~ /^[A-Z0-9=]{16}$/i); +$secret = undef if ($secret !~ /^[A-Z0-9=]+$/i || + (length($secret) != 16 && length($secret) != 26 && length($secret) != 32)); my $rv; $rv .= &ui_table_row($text{'twofactor_secret'}, &ui_opt_textbox("totp_secret", $secret, 20, $text{'twofactor_secret1'},