Place Your Ad Here

Bug PassKey implementation is not compliant with WebAuthn standard

There is a bug in this version
K

Kirby

Guest
https://www.w3.org/TR/webauthn-2/#sctn-user-handle-privacy
Since the user handle is not considered personally identifying information in § 14.4.2 Privacy of personally identifying information Stored in Authenticators, the Relying Party MUST NOT include personally identifying information, e.g., e-mail addresses or usernames, in the user handle. This includes hash values of personally identifying information, unless the hash function is salted with...
Click to expand...
Click to expand...

Read more

Continue reading...
 
You must log in or register to reply here.

Similar threads

K
Solved Passkey implementation is not compliant with Web Authentication standard
Replies
0
Views
91
XenForo General Discussions
Kirby
K
D
Bug Passkey registration failed: invalid rpId hash
Replies
0
Views
22
XenForo General Discussions
danger@
D
A
Bug Log in using Passkey can fail when 'view' permission for unregistered is 'No'
Replies
0
Views
18
XenForo General Discussions
alexm
A
N
Ques/Help Passkey registration failed: invalid origin
Replies
0
Views
26
XenForo General Discussions
Nerji
N
S
Bug Adding a Passkey implicitly enables 2FA which effectively disables password-based login and unexpectedly makes account recovery impossible
Replies
0
Views
30
XenForo General Discussions
Steffen
S
Top Bottom
Back