Description
Authentication Bypass in otpauth
Versions of otpauth prior to 3.2.8 are vulnerable to authentication bypass. The package's totp.validate() function may return positive values for single-digit tokens even if they are invalid. This may allow attackers to bypass OTP authentication by providing single-digit tokens.
Recommendation
Upgrade to version 3.2.8 or later.
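A caller-side check that can sit alongside the upgrade, shown as an added example that is not part of the advisory or of otpauth's code: it rejects any token that is not exactly the expected number of digits before the library is called. The names verifyOtp, lenientTotp and DIGITS, the 6-digit length and the window of 1 are assumptions, as is the convention that validate() returns a numeric delta on a match and null otherwise.

```javascript
// Added example, not otpauth's code. Assumption: totp.validate({ token, window })
// returns a numeric delta on a match and null otherwise.
const DIGITS = 6; // assumption: this deployment issues 6-digit tokens

function verifyOtp(totp, token, { digits = DIGITS, window = 1 } = {}) {
  // Accept only a string of exactly `digits` ASCII digits. Single-digit and
  // other short tokens never reach the library, and numbers or arrays that
  // would be coerced to strings are refused.
  if (typeof token !== 'string') return false;
  if (token.length !== digits || !/^[0-9]+$/.test(token)) return false;

  const delta = totp.validate({ token, window });

  // Compare with null explicitly: a delta of 0 is a valid match but is falsy.
  if (delta === null || delta === undefined) return false;
  return Number.isInteger(delta) && Math.abs(delta) <= window;
}

// Constructed stand-in that reproduces only the symptom in the advisory
// (a single digit is accepted). It is not the library's implementation.
const lenientTotp = {
  current: '492039', // constructed sample token
  validate({ token }) {
    if (token === this.current) return 0;
    return String(token).length === 1 ? 1 : null;
  },
};

// Constructed inputs: the valid token, then malformed or wrong ones.
function runChecks() {
  const inputs = ['492039', '4', 4, '49203', '4920390', ' 49203', '000000'];
  return inputs.map((t) => [t, verifyOtp(lenientTotp, t)]);
}

console.log(runChecks());
```

The same inputs make a useful regression test against the real library after upgrading to 3.2.8 or later.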
Packages
Name: otpauth (npm)
Affected versions: < 3.2.8
Fixed version: 3.2.8
Weaknesses
CWE-287