[Webkit-unassigned] [Bug 231043] WebAuthn getAssertion for CTAP2 devices using CTAP1
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 4 01:03:56 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=231043
Joost van Dijk <joost.vandijk at yubico.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |joost.vandijk at yubico.com
--- Comment #5 from Joost van Dijk <joost.vandijk at yubico.com> ---
The behaviour seems intermittent. It is observed in Safari 16 and 16.1 on MacOS 12.6 and 13.0. And it is observed during makeCredential.
When forcing the use of CTAP2 (by using a CTAP2-only key) the modal credentials.create dialog appears without the security key flashing, resulting in a timeout.
When using a CTAP1+CTAP2 device, it will intermittently fallback to CTAP1, and trigger another bug (https://bugs.webkit.org/show_bug.cgi?id=247344) resulting in an incorrect RP ID Hash.
Once this issue is triggered it can be reproduced consistently until Safari is restarted.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221104/329b0962/attachment.htm>
More information about the webkit-unassigned
mailing list