search

mooltipass / minible

Github repository containing the firmwares running on the Mooltipass Mini BLE
GNU General Public License v3.0
98 stars 21 forks source link

WebAuthN failed login ends to Mooltipass freeze / reboot #245

Closed limpkin closed 3 years ago

limpkin commented 3 years ago

Expected behavior

After WebAuthN failed register/login, the device should still work as usual, like before the operation

Actual behavior

After WebAuthN failed register/login, canceled by the PC before any reply on the mooltipass, the mooltipass will freeze periodically after the prompt and show "#002 Contact Support" and sometime "#005 Contact Support" message. The Mini BLE seems to loop indefinitely like that and some feature like WebAuthN or Memory Management Mode cannot be used from now. The Mini BLE will also restart if usb is unplugged (not always, but most of the time). The only found way to come back to normal use is to restart the Mini BLE.

Step by step guide to reproduce the problem

Bug reproduced on another Mini BLE/card pair but not tested on Windows.

  1. The Mini BLE is connected by usb with bluetooth disabled
  2. Go to a WebAuthN enabled website like https://webauthn.io (but not limited to)
  3. Register with WebAuthN and while the Mini BLE is asking you to save credentials, cancel the request on the PC
  4. Wait Mini BLE remove the prompt or reply anything
  5. The bug is now enabled

Operating System

Mooltipass Extension

Mooltipass Application

Mooltipass Device

limpkin commented 3 years ago

@TLeM4 is bluetooth enabled when this happens?

TLeM4 commented 3 years ago

@limpkin As written in the step-by-step, i usually disable Bluetooth but with one more test with Safari/MacOs it's seems that doesn't change anything : the bug is still present.

limpkin commented 3 years ago

@TLeM4 thanks a lot for reporting this issue to us... it turns out some funky USB choice on Ubuntu was causing a bigger issue on the Mini BLE.