Question about other one's QR code


#1

Hello, yesterday, I used wechat to scan a QRcode of your privateIDEA(with serial number), and there was a blank page appear.

I want to check whether there is any risk for the user created this QRcode to have my account password?


#2

Hi,

we need some more information to help You.
What exactly is Your setup? Where does the QR code come from? What are You trying to achieve?
If this QR code represents an OTP-token generated by privacyIDEA, it contains the private key for this token and the username of the user who generated the token.
Unfortunately we have no wechat here to check this.

Regards,
Paul


#3

Thanks Paul. Actually just someone cannot open the website by scanning the QRcode. She let me help to check whether I can scan the QRcode to see whether there is content.
It’s from her boss. She said her company is an Advertisment Company.

I use only wechat and appear nothing but a blank web page.

Whether there is any risk for a virus to have my details and personal information like password? My smartphone is iPhone.


#4

The QR Code contains a secret key, that is used to generate one time passwords.
The contained URI was defined by google, to pass keys to a smartphone app.

The intent of the contained URI is not “https://…something…”, but “otpauth://…something…”.
So if you do not have an app installed on your smartphone, that knows what to do with “otpauth”, then of course you will se nothing.

It is the same for me as if you would ask me something in Mandarin, my brain has not app installed to understand this :wink: