Why doesn't OneTime work when some text fields are highlighted


#1

When I try to use OneTime to log into my vpn, I get an error message. If I do the same thing in a terminal, it works fine.

[I’D INSERT A SCREENSHOT HERE, BUT I’M A NEW USER AND CAN’T UPLOAD IMAGES]

The error is


Error
Unable to challenge Yubikey: Unable to open Yubikey: code 1 (USB errror)

I opened a support ticket about this a month ago, but I haven’t gotten a response… which is pretty disappointing. Not very customer friendly to just leave me hanging.


#2

Apologies for the systems marking your messages as SPAM. Just to close the loop on this, in case any other users see similar issues, we have been able to reproduce this issue with Tunnelblick. The secure credential prompt for that software is preventing communication with the Yubikey, blocking USB. We are investigating.


#3

I’m having the same problem. It works to Insert the OTP to random applications, but when I try to do so to an input field in Chrome, it gives me the exact same error. This is extremely frustrating.


#4

As an update to this, it only seems to be the case with “password” type inputs.


#5

This is a problem on Mac OS X with Password fields due to EnableSecureEventInput. In short, the OS prevents access to the HID interface required for challenge / response with the Yubikey. This is the same root cause behind issues like this with Terminal when Secure Text Input is enabled. We’ve done some research on this, but there does not appear to be a way we can bypass.

If you purchased OneTime for Yubikey recently and this problem and it is preventing you from using the software please get in touch with us at support@zetetic.net and we’ll issue you a refund.


#6

That is very unfortunate. This to me appears to be the main goal of this application…

Is there no workaround or alternative available?

Regards,

Niels


#7

Could this be a workaround;

  • check if current field is EnableSecureEvent
  • focus somewhere else and copy TOTP to clipboard/variable
  • focus back to EnableSecureEvent field
  • paste the TOTP value from clipboard/variable

Something like this is discussed here;


#8

Unfortunately we’ve done quite a bit of experimentation on this, but the results aren’t good.

We can avoid the direct typing in the password text box using the clipboard, and trigger a paste event to get data into the protected field. This fixes one part of the problem, however, even a prototype build that temporarily switches out focus from the password text field to a different window is blocked from accessing the USB device. It appears that if there is a password field with focus in any application the Yubikey access is blocked. This basically means that we can get data into the field just fine, but we can’t submit the signing request to the Yubikey.

Thus, as a result, we don’t see a very good way to fix this right now. If you purchased recently and this issue makes it impossible for you to use the app, please contact us at support@zetetic.net for a full refund/