Constantoine

**Name of the Vulnerable Software and Affected Versions** totp-rs versions prior to 1.1.0 **Description** The issue concerns a Rust library used for creating 2FA authentication tokens based on time-based one-time passwords (TOTP). Prior to version 1.1.0, token comparison was not performed in constant time, which could theoretically allow an attacker to guess the value of a TOTP token and reuse it within the same time window, provided they already know the password. The library now uses constant-time comparison starting from version 1.1.0. **Recommendations** For versions prior to 1.1.0, update to version 1.1.0 or later to ensure token comparison is performed in constant time, mitigating the risk of token guessing and reuse. As a temporary workaround, consider restricting access to sensitive operations that rely on TOTP tokens until the update can be applied.