OpenVPN GUI / Issues / #24 Auth fails with pass

#24 Auth fails with pass > 49 characters

Milestone: bug

Status: closed-fixed

Owner: Heiko Hund

Labels: openvpn-gui (21)

Priority: 5

Updated: 2012-03-30

Created: 2012-03-07

Creator: js

Private: No

When the user's password is longer than 49 characters, authentication fails. If the password length is decreased to 49 characters, authentication is successful.

This inhibits the use of some types of two-factor hardware tokens, like YubiKeys, which allow you to submit both factors (password + hardware generated OTP) by appending the OTP string to the end of the password. In YubiKey's case, the OTP string is 44 characters, which leaves only 5 characters for the user's actual password, which is prohibitively short.

Passwords > 49 characters work fine with the openvpn GUI software I've tested on OS X, such as Tunnelblik.

Could we please increase this to something larger like 100 characters?

I'd guess the issue is this line in openvpn.c:
206 TCHAR buf[50];
but I don't have the tools to compile it and test.

Thanks.

Discussion

Heiko Hund - 2012-03-30

Thanks for the report!

This is fixed in git now. The next binary snapshot of the GUI and/or openvpn-2.3 alpha installer will contain the changes.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Heiko Hund - 2012-03-30

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Auth fails with pass > 49 characters

Group

Searches

Help

#24 Auth fails with pass > 49 characters

Discussion