When unlocking Yubikey's TOTP account with tap to unlock the blurred background overlay doesn't go away on tap on v6.3.1 / v6.3.0

[jacobthompson101]

Hey, I really like the Yubikeys and have been using them for a couple of months now after doing some research into them online.

This is a new (to me) issue on my coworker's computer and I didn't see anything under currently opened issues on this repo. I just installed the Yubico Authenticator desktop v6.3.1 (msi download - not the Windows Store version) last Friday from the Yubico website and when I set up one of the Yubikey's QR TOTP accounts for them - it was able to scan a QR code just fine (we had to try several times as we had 1-2 unrelated issues setting up after closing a popup window by mistake), but then once set up out of the blue (on both Yubikeys - Nano and NFC USB-A) the unlock screen tap button would not disappear when tapping so we couldn't access the generated TOTP number. Not entirely sure but I think something might have changed/moved behind the transparent screen when tapped though.

Separately the security key tap functionality worked correctly for them to access their Gmail account as 2FA and also in Duo 2FA the roaming authenticator was setup and tapping also worked. I can reconfirm more information sometime later tomorrow in the Atlantic timezone. The v6.3.1 was installed on Windows (10 or 11), also importantly there is a Windows administrator account that requires a pin whenever installing user account software, so I wonder if I set their computer up differently than mine that is causing some sort of issue, or if I need to run Yubico Authenticator as administrator each time? I haven't had the same issue on my own work computer yet or my personal laptop, and I tried sending the v6.3.0 msi installer of the working version from my work laptop to my coworker and reinstalled but to no avail. Is there any information I can send to help debug this issue? Is there an older closed issue related to something like this?

I'll see if I can reproduce the issue tomorrow and get a screenshot from their computer this time, but it did happen on both of their Yubikeys which is why I suspect something might be software related in a recent update, or at least specific to their computer or how it was installed. Although I wonder if it is possible if something got corrupted when saving the Yubikey QR code? They do have an old issue I didn't know about on one of their USB-A ports, so we switched to using the other working USB-A port instead after their laptop wasn't able to recognize the Yubikey in the faulty port (the USB port flaked out after we added the TOTP account to the Yubikey). Sorry for all the words to describe the issue but I wanted to include anything relevant to the issue and environment! Thanks for any help on this issue and keep up the great work!

[dainnilsson]

When triggering the OTP generation from the app, does the YubiKey LED begin flashing? And does pressing the button then cause it to stop flashing? If the answer is yes to both, then it would seem that the YubiKey itself is behaving correctly, but something is preventing the app from completing the operation. If possible, please try the following:

1. Launch the app and insert the YubiKey.
2. From the navigation drawer, open "Help and about", and change the "Log level" to "Debug".
3. Close the "Help and about" dialog, and try to activate the credential.
4. Press the button when the YubiKey LED flashes. Even if you are unable to get the dialog to close by pressing the button, it should time out and close after a few seconds (15 or so). If it doesn't close on its own, you may have to physically remove the YubiKey, which should close it.
5. Re-open the "Help and about" dialog and press the "Copy log" button.
6. Paste the contents of the log as a reply here.

You may want to look over the log for any personal information that you may want to remove (it might contain the serial number of your YubiKey, the names of the credentials, etc.). If you prefer, you can also email me the log at dain AT yubico DOT com.

[dainnilsson]

Did you figure out what the problem was? I never received anything in my email, so if you sent anything it must have gotten lost somewhere.

[jacobthompson101]

Hi @dainnilsson sorry about that delay, thanks for following up! I had captured the debug log based on your instructions before the Christmas holidays and then work got busy in the new year. I just ran through and removed the serial numbers and any personal information. Please see the attached debug log. I was able to reproduce the issue on December 21st 2023 when capturing the log. Hopefully the debug log is helpful :)
yubico_debuglog.txt

[antoinedeschenes]

@jacobthompson101 Any issues when the key is connected before the app is started? (note: just opened #1388)

[dainnilsson]

I haven't been able to find anything in the log, and have not been able to reproduce this either, so far.

Question to both of you: Does the YubiKey LED start blinking when you're prompted for touch, and does it stop blinking when you touch the sensor? I'm trying to understand if that part works as it should, and when the problem actually occurs.

[jacobthompson101]

@jacobthompson101 Any issues when the key is connected before the app is started? (note: just opened #1388)

@antoinedeschenes I tried connecting the key before the app was started, and the same issue/bug appeared on two different keys in different USB ports, but it appears to only happened once so far on both keys, and then subsequent tries again to make it happen didn't cause the bug.

[jacobthompson101]

@dainnilsson I was able to get the bug a second time within 10 minutes on one of the keys, and yes I can confirm the LED on the Yubikey stopped blinking after I pressed it, but the Touch required screen didn't go away on this attempt. I should note that this USB port is a little bit looser than others I have worked with in the past, but the issue happened in a different USB port as well so it's not limited to just that USB port.

[antoinedeschenes]

I haven't been able to find anything in the log, and have not been able to reproduce this either, so far.

Question to both of you: Does the YubiKey LED start blinking when you're prompted for touch, and does it stop blinking when you touch the sensor? I'm trying to understand if that part works as it should, and when the problem actually occurs.

Yes, the key starts blinking with the prompt and stops when touched. I even see the blurred code coming up under the modal in the dev build, but there's simply no way to make the modal go away.

Note the modal disappears for a fraction of a second when touching the sensor, but reappears right after.

[dainnilsson]

Yubico Authenticator 6.4.0 has now been released, could you try to reproduce the issue on that version?

[antoinedeschenes]

Hi @dainnilsson, I'm still having the same issue with the 6.4.0 release on macOS 14.3.1:

1. The "Touch Required" modal doesn't go away when touching the button with a TOTP "touch required" token, only if the YubiKey is inserted after the app is started.
2. The modal also doesn't go away if I disconnect the YubiKey, leaving the app in an unusable state.

[dainnilsson]

@antoinedeschenes That's a shame, thanks for testing! Maybe you can provide log output as well, hopefully we'll be able to spot something. Since the dialog won't go away the standard way of getting the logs will be impossible, so you'll have to use the following approach:

Start the app from a terminal, using (assuming install location is /Applications/):
/Applications/Yubico\ Authenticator.app/Content/MacOS/Yubico\ Authenticator --log-level debug

Once you've reproduced the issue, kill the app and copy the log output from the terminal. Please do check it for anything sensitive that you wouldn't like to disclose, and feel free to send it to dain AT yubico DOT com if you'd prefer that to pasting it here.