[Webkit-unassigned] [Bug 217050] New: [WebAuthn] Do WebAuthn(U2F) registration through https://myaccount.google.com/ doesn't block registered security keys
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Sep 28 05:27:32 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=217050
Bug ID: 217050
Summary: [WebAuthn] Do WebAuthn(U2F) registration through
https://myaccount.google.com/ doesn't block registered
security keys
Product: WebKit
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Status: NEW
Keywords: InRadar
Severity: Normal
Priority: P2
Component: WebKit Website
Assignee: webkit-unassigned at lists.webkit.org
Reporter: nuno.sung at authentrend.com
CC: agektmr at google.com, jiewen_tan at apple.com,
jond at apple.com, webkit-bug-importer at group.apple.com,
webkit-unassigned at lists.webkit.org
Test STP 113 on macOS 10.15.6
1. Open URL https://myaccount.google.com/ and then go to 2-Step Verification to add security key.
2. Use security key through USB transports
3. Security key receive U2F_REG command and success to add this key.
4. Click "add security key" again with the same key.
5. The same key is still allowed to registered with error.
On Chrome v85 on the same MAC machine and Chromes on Windows10, the website's error dialog "Security Key already registered" will be showed up in this case.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200928/611ca806/attachment.htm>
More information about the webkit-unassigned
mailing list