ovpnmain.cgi: Fix OTP secret handling

Convert stored hex OTP secret to binary prior to converting to base32.

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index ee7b38f3f9c5a04891058a508aaae36b2861e35a..71c79ef471db4926017e3cb0845d25ce8dfdd570 100644 (file)
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2655,7 +2655,7 @@ else
       darkcolor     => Imager::Color->new(0, 0, 0),
    );
    my $cn = $confighash{$cgiparams{'KEY'}}[2];
-   my $secret = encode_base32($confighash{$cgiparams{'KEY'}}[44]);
+   my $secret = encode_base32(pack('H*', $confighash{$cgiparams{'KEY'}}[44]));
    my $issuer = "$mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}";
    my $qrcodeimg = $qrcode->plot("otpauth://totp/$cn?secret=$secret&issuer=$issuer");
    my $qrcodeimgdata;