You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This implementation of UAF, which appears to be FIDO certified, fails to correctly verify authenticator records and does not support TLS channel binding, which is essential for resisting certain man-in-the-middle attacks.
Notably, the implementation fails to verify any of the final challenge parameter (fcp) fields, potentially verifying attestations that do not even attest the appropriate challenge.
The text was updated successfully, but these errors were encountered:
This implementation of UAF, which appears to be FIDO certified, fails to correctly verify authenticator records and does not support TLS channel binding, which is essential for resisting certain man-in-the-middle attacks.
Notably, the implementation fails to verify any of the final challenge parameter (fcp) fields, potentially verifying attestations that do not even attest the appropriate challenge.
The text was updated successfully, but these errors were encountered: