wp_2fa_totp_key Keeps Changing Automatically
Hi,
I am using the premium version of this plugin. The issue I am facing is that the wp_2fa_totp_key keeps changing after some time, so when we try to log in with a TOTP code generated using the TOTP key the user got during setup, it gives an ‘Invalid key’ error. I tried to debug the code and found that this is happening because of:

    if ( Open_SSL::is_ssl_available() && false !== \strpos( $key, Open_SSL::SECRET_KEY_PREFIX ) ) {
        error_log('$key'.$key);
        $key = Open_SSL::decrypt( substr( $key, 4 ) );
        /**
         * If for some reason the key is not valid, that means that we have to clear the stored TOTP for the user, and create new one
         * That could happen if the global stored secret (plugin level) is deleted.
         *
         * Lets check and if that is the case - create new one
         */
        if ( ! Authentication::validate_base32_string( $key ) ) {
            self::$totp_key = '';
            self::remove_user_totp_key( $user );
            $key = self::get_totp_key( $user );
            $key = Open_SSL::decrypt( substr( $key, 4 ) );
        }
    }

Here the code is generating another key if the global stored secret (plugin level) is deleted. Could you please let me know why this is happening again and again?
Due to that, our team is facing issues logging in to the website.
File Path:
wp-content/plugins/wp-2fa-premium/includes/classes/Admin/Methods/class-totp.php
Line No: 414
Screenshot : The key keeps changing automatically after some time.
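
An added example, not part of the original post and not the plugin's code: a stand-alone PHP script showing why a changed or deleted plugin-level secret sends a stored TOTP key down the reset branch in the excerpt above. The cipher (AES-256-CBC), the `enc_` prefix, the helper names and the sample secrets are assumptions made for illustration.

```php
<?php
// Added illustration; cipher, prefix, helper names and sample values are assumptions.
const PREFIX = 'enc_'; // constructed 4-character marker, mirroring substr( $key, 4 )

function encrypt_key(string $plain, string $secret): string {
    $iv = random_bytes(16);
    $ct = openssl_encrypt($plain, 'aes-256-cbc', hash('sha256', $secret, true),
                          OPENSSL_RAW_DATA, $iv);
    return PREFIX . base64_encode($iv . $ct);
}

function decrypt_key(string $stored, string $secret): string {
    $raw = base64_decode(substr($stored, strlen(PREFIX)), true);
    if ($raw === false || strlen($raw) < 32) {
        return ''; // not an IV plus at least one cipher block
    }
    $pt = openssl_decrypt(substr($raw, 16), 'aes-256-cbc', hash('sha256', $secret, true),
                          OPENSSL_RAW_DATA, substr($raw, 0, 16));
    return $pt === false ? '' : $pt; // a wrong key normally fails the padding check
}

function is_base32(string $s): bool {
    return $s !== '' && preg_match('/^[A-Z2-7]+=*$/', $s) === 1;
}

// Constructed sample: a user's TOTP key stored while the site secret was "site-secret-A".
$user_meta = encrypt_key('JBSWY3DPEHPK3PXP', 'site-secret-A');

foreach (['site-secret-A', 'site-secret-B'] as $current_secret) {
    $key = decrypt_key($user_meta, $current_secret);
    if (is_base32($key)) {
        echo "secret unchanged: stored key decrypts, authenticator codes still match\n";
    } else {
        // Same condition as the excerpt's inner if: the stored value is intact, but it
        // no longer decrypts to base32, so the user's key would be dropped and reissued.
        // Log a fingerprint of the secret (never the secret or the key) to trace changes.
        $fp = substr(hash('sha256', $current_secret), 0, 8);
        echo "decrypt failed under secret fingerprint {$fp}: reset branch would run\n";
    }
}
```

If the fingerprint logged on a failed decrypt differs between occurrences, the thing to trace is whatever rewrites or clears the stored secret, not the per-user key.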