Overview
There seems to be a bug when entering a code which starts with a digit which is also one of the trusted SMS index numbers.
Steps to Reproduce
- Attempt re-authorisation on an account which has a trusted number associated
2:
2024-07-31 23:41:30 DEBUG Authenticating...
2024-07-31 23:41:31 INFO Two-factor authentication is required (2fa)
0: ***** ****12
1: ***** ****34
Please enter two-factor authentication code or device index (0..1) to send SMS with a code:
- Enter code 000000
- Receive message:
Please enter two-factor authentication code that you received over SMS:
Expected Behavior
I expect icloudpd to attempt to authenticate to icloud using 000000 as the six digit MFA code
Actual Behavior
icloudpd recognises 000000 as 0 and an SMS with an MFA code is received to the mobile device number in index position 0
Context
I was attempting to simulate an MFA failure, so I could check the exit code of icloudpd, and potentially use this to confirm a successful/unsuccessful MFA attempt with my remote authentication feature. I found that entering an MFA code of 000000 sent an SMS to my mobile device, instead of processing it as a code.
I have seen a similar bug has been fixed in v 1.21.0, which allows MFA codes to have leading zeros: #891. I am currently running v1.22.0 so this is a separate, but similar issue. It would seem that MFA codes with leading zeros (and presumably leading 1s, 2s, 3s etc) may be mistaken for trusted device index numbers. Presumably this section of codes needs to be amended to check the input string length. If the string is a single digit, it is to be used as an SMS number index value. If it is 6 digits, it is recognised as an MFA code and used appropriately.
Overview
There seems to be a bug when entering a code which starts with a digit which is also one of the trusted SMS index numbers.
Steps to Reproduce
2:
2024-07-31 23:41:30 DEBUG Authenticating...
2024-07-31 23:41:31 INFO Two-factor authentication is required (2fa)
0: ***** ****12
1: ***** ****34
Please enter two-factor authentication code or device index (0..1) to send SMS with a code:
Please enter two-factor authentication code that you received over SMS:
Expected Behavior
I expect icloudpd to attempt to authenticate to icloud using 000000 as the six digit MFA code
Actual Behavior
icloudpd recognises 000000 as 0 and an SMS with an MFA code is received to the mobile device number in index position 0
Context
I was attempting to simulate an MFA failure, so I could check the exit code of icloudpd, and potentially use this to confirm a successful/unsuccessful MFA attempt with my remote authentication feature. I found that entering an MFA code of 000000 sent an SMS to my mobile device, instead of processing it as a code.
I have seen a similar bug has been fixed in v 1.21.0, which allows MFA codes to have leading zeros: #891. I am currently running v1.22.0 so this is a separate, but similar issue. It would seem that MFA codes with leading zeros (and presumably leading 1s, 2s, 3s etc) may be mistaken for trusted device index numbers. Presumably this section of codes needs to be amended to check the input string length. If the string is a single digit, it is to be used as an SMS number index value. If it is 6 digits, it is recognised as an MFA code and used appropriately.