multiOTP / multiOTPCredentialProvider

multiOTP Credential Provider is a V2 Credential Provider for Windows 7/8/8.1/10/2012(R2)/2016 with options like RDP only and UPN name support
Apache License 2.0

multiOTPCredentialProvider dropping the first letter of the username at lookup #59

Closed devopsido closed 2 years ago

devopsido commented 2 years ago

After upgrading a "standalone" installation on a workgroup computer (from 5.8.2.9 to 5.8.8.0) we were consistently seeing the error for a wrong One-Time Password.

After increasing the debug level and checking the logs, the user account being checked by MultiOTP was missing the first character of the username. For example, for a user who logged in with the name 'admin' we see a log entry for the user dmin:

2022-05-21 13:20:10 warning System Error: database file C:\PATH_TO\multiOTP.\users\dmin.db for user dmin does not exist 0 SERVERNAME

If I copy the file admin.db and rename it dmin.db login proceeds as expected.

Unfortunately, rolling back to the old version has not resolved this issue. Any assistance would be appreciated!

multiOTP commented 2 years ago

Hello, what did you do as a rollback exactly? Uninstall 5.8.2.9 and reinstall 5.8.8.0, or just replacing the DLL? What do you mean by "at lookup"? Is it during the initial logon, or at another time? We are not able to reproduce the issue here.

devopsido commented 2 years ago

I have tried both uninstalling and re-installing the old version (when you try to just install the old version OVER the newer version the MSI prevents this). When I did revert to 5.8.2.9 the missing character issue persisted. I restored from backup to go back to 5.8.2.9 and have it work.

I have not tried just replacing the DLL -- is that a possibility that I should try?

By "at lookup" I mean that the user has already "passed" the username and password validation of Windows -- the lookup I am referring to is MultiOTP doing the lookup of the user's second factor. Sorry, I don't know the proper terminology here. I specify this because the username "dmin" is not valid to login to windows, but that is what is being checked by MultiOTP for a second factor. The fact that it gets to the point of looking up the second factor means that the username "admin" is valid.

I have tried several iterations (some a few times) including: Installing 5.8.8.0 over 5.8.2.9, Uninstalling 5.8.2.9 and installing 5.8.8.0. Each time the first character of the username is lost after going to 5.8.8.0 and the issue remains after uninstalling and going back to 5.8.2.9. I have rolled the VM back as the only way to get it working again.

I am happy to try again and to capture some additional info if you would like.

devopsido commented 2 years ago

I just tried it replacing ONLY the 2 dll files and I see the same issue, but I am able to put the 5.8.2.9 dlls back and it works again.

I see successful logins before the switch in the log:

2022-05-22 16:32:06 notice testuser User OK: User testuser successfully logged in (using Credential Provider) with YubicoOTP token 0 SERVERNAME

Then the failure after the switch:

2022-05-23 15:55:49 warning System Error: database file PATH\multiOTP.\users\estuser.db for user estuser does not exist 0 SERVERNAME

Putting back the old dlls resolves and allows login again.
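The two log lines quoted above (a successful login for `testuser`, then a failed database lookup for `estuser`) are the only evidence of the truncation. The following is an added example, not code from the multiOTP project, that turns that comparison into a check a defender can run over a multiOTP log file: it collects usernames from "User OK" entries (plus an optional list of user names taken from the `users\` directory), then flags every "database file ... for user X does not exist" entry where X is a known user with its first character removed. The sample log lines are constructed from the entries in this thread, and the field layout (date, time, level, message, status, host) is assumed from them.

```python
import re
from typing import Iterable, List, Tuple

# Constructed sample log, modelled on the entries quoted in the issue.
# Raw string: the paths contain backslashes such as \users\estuser.db.
SAMPLE_LOG = r"""
2022-05-22 16:32:06 notice testuser User OK: User testuser successfully logged in (using Credential Provider) with YubicoOTP token 0 SERVERNAME
2022-05-23 15:55:49 warning System Error: database file PATH\multiOTP.\users\estuser.db for user estuser does not exist 0 SERVERNAME
2022-05-21 13:20:10 warning System Error: database file C:\PATH_TO\multiOTP.\users\dmin.db for user dmin does not exist 0 SERVERNAME
2022-05-23 16:10:02 warning System Error: database file PATH\multiOTP.\users\bob.db for user bob does not exist 0 SERVERNAME
"""

# Message patterns taken from the log lines in the thread.
OK_RE = re.compile(r"User OK: User (\S+) successfully logged in")
MISSING_RE = re.compile(r"database file \S+ for user (\S+) does not exist")


def known_users(lines: Iterable[str], extra_known: Iterable[str] = ()) -> set:
    """Usernames that are known to exist: every account that has logged in
    successfully, plus any names passed in (e.g. the *.db files under users\)."""
    users = set(extra_known)
    for line in lines:
        m = OK_RE.search(line)
        if m:
            users.add(m.group(1))
    return users


def find_truncated_lookups(
    lines: Iterable[str], extra_known: Iterable[str] = ()
) -> List[Tuple[str, str]]:
    """Return (looked_up_name, matching_known_user) pairs for every failed
    lookup whose name equals a known user minus its first character.
    A failed lookup that matches no known user (a genuinely unknown
    account) is left out, so ordinary 'no such user' noise is not flagged."""
    lines = list(lines)
    known = known_users(lines, extra_known)
    hits: List[Tuple[str, str]] = []
    for line in lines:
        m = MISSING_RE.search(line)
        if not m:
            continue
        looked_up = m.group(1)
        for user in sorted(known):
            if len(user) > 1 and user[1:] == looked_up:
                hits.append((looked_up, user))
    return hits


if __name__ == "__main__":
    # 'admin' never logged in successfully in the sample, so it is supplied
    # as if read from the users\ directory listing (constructed value).
    for looked_up, user in find_truncated_lookups(
        SAMPLE_LOG.strip().splitlines(), extra_known=["admin"]
    ):
        print(f"lookup for '{looked_up}' looks like '{user}' with its first character dropped")
```

On a live system the `extra_known` list would come from the `.db` file names in the multiOTP `users\` folder, so that accounts which have never logged in through the credential provider are still matched. The check is deliberately narrow (exact one-character prefix loss) so that it points at this specific regression rather than at any unknown-user error.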

multiOTP commented 2 years ago

Please send us your email address to info@multiotp.net and we will send you a specific DLL to test.

devopsido commented 2 years ago

Done. Ready to test!

multiOTP commented 2 years ago

New DLLs are in internal tests; you will be kept informed soon.

multiOTP commented 2 years ago

Version 5.9.0.3 is now available and resolves various issues, including this one.