Bug Adding, editing or removing passkey does not require user re-authentication

Thread starter Kirby
Start date Sep 19, 2025

There is a bug in this version

Kirby

Guest

Sep 19, 2025

Adding, editing or removing a passkey does not require password confirmation.

This allows kinda easy "account lockouts" by unauthorized actors if they are able to access an active session.

Suggested Fix
Adding, editing or removing a passkey should require re-authentication of the user (password if no 2FA is available, Password + 2FA if no Passkey is available or also Passkey without password if at least one Passskey is available)

Continue reading...

You must log in or register to reply here.

Similar threads

Solved Adding quotes when editing a post is very odd process

Replies: 0

Views: 163

XenForo General Discussions Jan 24, 2025

Mr Lucky

Ques/Help Adding Badges

Replies: 0

Views: 37

XenForo General Discussions Sep 11, 2025

Edriano

XenForo Adding latest posts/threads links to homepage

Replies: 0

Views: 40

XenForo Development & Modifications Sep 4, 2025

maritimesbob

XenForo Adding Last visited date to avatar box

Replies: 0

Views: 41

XenForo Development & Modifications Aug 30, 2025

Larry Barasch

XenForo Adding Fontawesome to nav

Replies: 0

Views: 31

XenForo Development & Modifications Aug 29, 2025

Seeker-Smith

Facebook X (Twitter) Reddit Pinterest WhatsApp Email Link

Top Bottom

Back

Welcome To The Geeks-Board!
For full use of the forum, you need to register. The registration will take only 1 minute and after that, you can enter and read topics. So don't hesitate and register now!
Log in Register
🔥 Hardware & Software Products
🔥 Android Devices Support
🔥 Web Development

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Search

Search

Bug Adding, editing or removing passkey does not require user re-authentication

Kirby

Guest

Similar threads