Security vulnerabilities in Google Authenticator (2)
-
Time-based side-channel attack on 2FA secrets – (Google Authenticator <= 0.54)
In almost all places where secret keys are compared to user input, the plugin uses string comparison operators that don’t mitigate timing attacks. A skilled attacker, given enough requests, can abuse this to recover secrets through a time-based side-channel attack.
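The mitigation for this class of bug, shown as an added example that is not the plugin's code: a TOTP check whose comparison takes the same time wherever the inputs differ. Python stands in for the plugin's own language, and every name here (`totp`, `early_exit_steps`, `verify_code`, `SAMPLE_SECRET`) is hypothetical.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

SAMPLE_SECRET = b"12345678901234567890"  # RFC 4226 test key, sample input only


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def early_exit_steps(expected: str, supplied: str) -> int:
    """Characters an ordinary equality check examines before it returns.

    The count grows with the length of the matching prefix, and that
    input-dependent amount of work is what a timing side channel measures.
    """
    steps = 0
    for a, b in zip(expected, supplied):
        steps += 1
        if a != b:
            break
    return steps


def verify_code(secret: bytes, supplied: str, at: Optional[float] = None,
                window: int = 1, step: int = 30) -> bool:
    """Check `supplied` against the current step and +/- `window` steps."""
    now = time.time() if at is None else at
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * step, step)
        # compare_digest runs in time independent of where the inputs differ.
        # No break on success either, so all steps are always evaluated.
        ok |= hmac.compare_digest(expected.encode(), supplied.encode())
    return ok
```

The same rule applies to any place a stored secret or derived code meets user input: use the platform's constant-time comparison primitive instead of `==` or a manual loop.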
-
Compromise of 2FA secret codes possible through read-only SQLi – (Google Authenticator-Factor <= 0.54)
The plugin stores users’ TOTP secret keys as plaintext in the database. An attacker who can exploit one of the seemingly never-ending read-only SQL injections will be able to bypass all 2FA checks for all users indefinitely.