On Fri, Jul 19, 2019 at 07:21:35PM +0200, Ondřej Kuzník wrote:
> if (chk_totp(&passwd_otp, &cred_otp, mech, text) == LUTIL_PASSWD_OK &&
>     lutil_passwd(&passwd_pass, &cred_pass, NULL, text) == LUTIL_PASSWD_OK)
>     rc = LUTIL_PASSWD_OK;
> This only checks the password if the OTP check passed, right? So if checking the password takes a measurable amount of time, an attacker can see if they hit the right OTP token without it being voided.
Ah, yes, sorry I didn't quite catch what you were getting at previously there. I'll submit an updated patch shortly to fix this, as well as some documentation updates for issues pointed out.
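The side channel Ondřej points out, shown as an added example that is not OpenLDAP code and not the revised patch: the `&&` in the quoted line stops at the first failing operand, so the (comparatively slow) password verifier only runs when the OTP matched, and the response time tells the attacker which branch they reached. The stand-ins `chk_totp_sim()` and `chk_pass_sim()` are hypothetical replacements for `chk_totp()` and `lutil_passwd()` that merely record that they were called; `check_short_circuit()` has the shape of the quoted patch, `check_both()` runs both verifiers unconditionally and only then combines the results, so a wrong password and a wrong OTP cost the same work.

```c
/* Added example, not OpenLDAP code: short-circuit check versus a check that
 * always runs both verifiers. chk_totp_sim()/chk_pass_sim() are hypothetical
 * stand-ins for chk_totp()/lutil_passwd() that only count their invocations. */
#include <stdio.h>
#include <string.h>

#define LUTIL_PASSWD_OK   0
#define LUTIL_PASSWD_ERR  (-1)

/* Constructed instrumentation: how many times each verifier ran. */
static int totp_calls, pass_calls;

/* Hypothetical OTP verifier: accepts only the token "123456". */
static int chk_totp_sim(const char *cred_otp) {
    totp_calls++;
    return strcmp(cred_otp, "123456") == 0 ? LUTIL_PASSWD_OK : LUTIL_PASSWD_ERR;
}

/* Hypothetical password verifier: accepts only "s3cret". In slapd this is the
 * expensive hash comparison whose duration the attacker can measure. */
static int chk_pass_sim(const char *cred_pass) {
    pass_calls++;
    return strcmp(cred_pass, "s3cret") == 0 ? LUTIL_PASSWD_OK : LUTIL_PASSWD_ERR;
}

/* Shape of the quoted patch: && skips the password verifier whenever the OTP
 * fails, so a correct OTP with a wrong password takes measurably longer than
 * a wrong OTP, and the attacker learns the OTP was right. */
int check_short_circuit(const char *cred_otp, const char *cred_pass) {
    int rc = LUTIL_PASSWD_ERR;
    if (chk_totp_sim(cred_otp) == LUTIL_PASSWD_OK &&
        chk_pass_sim(cred_pass) == LUTIL_PASSWD_OK)
        rc = LUTIL_PASSWD_OK;
    return rc;
}

/* Order-independent variant: both verifiers always run, and the two outcomes
 * are combined with a bitwise AND (no branch on the OTP result alone). */
int check_both(const char *cred_otp, const char *cred_pass) {
    int rc_otp  = chk_totp_sim(cred_otp);
    int rc_pass = chk_pass_sim(cred_pass);
    int ok = (rc_otp == LUTIL_PASSWD_OK) & (rc_pass == LUTIL_PASSWD_OK);
    return ok ? LUTIL_PASSWD_OK : LUTIL_PASSWD_ERR;
}

/* Runs one check and reports how many verifiers executed; rc_out receives
 * the check's result. */
int verifiers_run(int (*check)(const char *, const char *),
                  const char *cred_otp, const char *cred_pass, int *rc_out) {
    totp_calls = pass_calls = 0;
    *rc_out = check(cred_otp, cred_pass);
    return totp_calls + pass_calls;
}

int main(void) {
    int rc;
    printf("short-circuit, wrong OTP:   %d verifier(s) ran\n",
           verifiers_run(check_short_circuit, "000000", "s3cret", &rc));
    printf("short-circuit, right OTP:   %d verifier(s) ran\n",
           verifiers_run(check_short_circuit, "123456", "wrong", &rc));
    printf("both-always,   wrong OTP:   %d verifier(s) ran\n",
           verifiers_run(check_both, "000000", "s3cret", &rc));
    printf("both-always,   right OTP:   %d verifier(s) ran\n",
           verifiers_run(check_both, "123456", "wrong", &rc));
    return 0;
}
```

Running both verifiers unconditionally removes the branch that depended on the OTP result alone; it does not by itself make the password comparison constant-time, nor does it address the second half of Ondřej's remark (a guessed token that is not voided on a failed password), which the code path that marks a token as used has to handle separately.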