FIDO/Webauthn security key PIN fails as incorrect when correct
Categories
(Core :: DOM: Web Authentication, defect, P3)
People
(Reporter: accounts+github, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0
Steps to reproduce:
I have set up a Yubikey as a FIDO/Webauthn device for a couple of accounts. When I attempt to log into a site with my yubikey, Firefox asks for the PIN, which I have set. I enter the correct PIN (which I am certain is correct, as it works for both Chrome and the terminal for SSH keys). Firefox reports that it is an 'Incorrect PIN' and uses one of my retry attempts for the PIN.
I am running OpenSUSE Tumbleweed, and this bug doesn't seem to occur on Windows - this may be because it uses the Windows dialog rather than the Firefox one to enter the PIN.
Actual results:
PIN reported as incorrect + uses a PIN retry attempt
Expected results:
PIN accepted and access to service granted
Comment 1•2 years ago
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Web Authentication' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Comment 2 (Reporter)•2 years ago
Update:
I updated the PIN on OpenSUSE (which I had previously set on Windows via the yubikey manager) and it now works as expected by accepting the new PIN and granting access.
I'll let someone else decide if this bug is therefore resolved, as while it does now work, presumably it is still a bug that it failed to work earlier.
Comment 3•2 years ago
Is your new PIN different from your old PIN? I'm wondering if there's a character encoding issue.
Also, if your new PIN is different, is it a different length? Was the old PIN shorter than 4 characters or longer than 64?
Comment 4 (Reporter)•2 years ago
(In reply to John Schanck [:jschanck] from comment #3)
> Is your new PIN different from your old PIN? I'm wondering if there's a character encoding issue.
> Also, if your new PIN is different, is it a different length? Was the old PIN shorter than 4 characters or longer than 64?
Thanks for your response.
Yes, it is different - they both contained A-Z upper and lowercase, 0-9, as well as various punctuations - I can't remember precisely which were in each, but it would have been several of !, %, *, and - (possibly ( and ) also). I had written it down but I don't currently have access to the paper on which I wrote it. Apologies I can't be of more specific help.
It is a different length - neither PIN is/was shorter than 4 characters or longer than 64, however.
Comment 5•2 years ago
Would you be willing to change your PIN again using Windows to see if this is reliably reproducible? I haven't been able to reproduce it myself.
Comment 6 (Reporter)•2 years ago
(In reply to John Schanck [:jschanck] from comment #5)
> Would you be willing to change your PIN again using Windows to see if this is reliably reproducible? I haven't been able to reproduce it myself.
Apologies for my delayed response. I changed the PIN in Windows then tested logging in with Firefox on Tumbleweed to various services - my PIN was accepted and I was able to log in fine.
Comment 7•2 years ago
Thanks, given that we can't reproduce this, I'll close the bug.