[Webkit-unassigned] [Bug 217050] New: [WebAuthn] Do WebAuthn(U2F) registration through https://myaccount.google.com/ doesn't block registered security keys

Mon Sep 28 05:27:32 PDT 2020

https://bugs.webkit.org/show_bug.cgi?id=217050

            Bug ID: 217050
           Summary: [WebAuthn] Do WebAuthn(U2F) registration through
                    https://myaccount.google.com/ doesn't block registered
                    security keys
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: WebKit Website
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: nuno.sung at authentrend.com
                CC: agektmr at google.com, jiewen_tan at apple.com,
                    jond at apple.com, webkit-bug-importer at group.apple.com,
                    webkit-unassigned at lists.webkit.org

Test STP 113 on macOS 10.15.6 

1. Open URL https://myaccount.google.com/ and then go to 2-Step Verification to add security key.
2. Use security key through USB transports
3. Security key receive U2F_REG command and success to add this key.
4. Click "add security key" again with the same key.
5. The same key is still allowed to registered with error.

On Chrome v85 on the same MAC machine and Chromes on Windows10, the website's error dialog "Security Key already registered" will be showed up in this case.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200928/611ca806/attachment.htm>