[Webkit-unassigned] [Bug 270553] New: WebAuthn excludeCredentials option stopped preventing duplicate passkey registration
bugzilla-daemon at webkit.org
Tue Mar 5 18:38:07 PST 2024
https://bugs.webkit.org/show_bug.cgi?id=270553
Bug ID: 270553
Summary: WebAuthn excludeCredentials option stopped preventing
duplicate passkey registration
Product: WebKit
Version: Safari 17
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: New Bugs
Assignee: webkit-unassigned at lists.webkit.org
Reporter: nov at matake.jp
iOS 17.4 Safari (maybe Safari 17.4?) stopped preventing duplicate passkey registration even when the excludeCredentials option is specified.
How to reproduce
1. Sign up at https://id.moneyforward.com
2. Go to https://id.moneyforward.com/webauthn/credentials and register a passkey
3. After successful registration of the 1st passkey, register a 2nd passkey again on the same device
Until iOS 17.3, it resulted in an error.
Since iOS 17.4, it starts succeeding and the RP starts having 2+ passkeys for the same device.
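
For context, an added example (not part of the original report and not the reporter's site code) of how a relying party passes the user's already-registered credential IDs as excludeCredentials and handles the InvalidStateError that WebAuthn specifies when an excluded credential is already on the authenticator. Function names, field names and sample values are assumptions made for illustration.

```javascript
// Added example; function and field names are hypothetical, sample values constructed.
// Decode a base64url string (a common storage form for credential IDs) to bytes.
function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/')
    .padEnd(Math.ceil(s.length / 4) * 4, '=');
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

// Build options for navigator.credentials.create(), listing every credential the
// RP already holds for this user so the authenticator can refuse a duplicate.
function buildCreationOptions({ rp, user, challenge, storedCredentials }) {
  return {
    publicKey: {
      rp,
      user: { id: b64urlToBytes(user.id), name: user.name, displayName: user.displayName },
      challenge: b64urlToBytes(challenge),
      pubKeyCredParams: [{ type: 'public-key', alg: -7 }, { type: 'public-key', alg: -257 }],
      authenticatorSelection: { residentKey: 'required', userVerification: 'preferred' },
      excludeCredentials: storedCredentials.map((c) => ({
        type: 'public-key',
        id: b64urlToBytes(c.id),
        ...(c.transports ? { transports: c.transports } : {}),
      })),
    },
  };
}

// Map the DOMException name from a rejected create() call to an RP-side outcome.
function classifyCreateError(err) {
  const name = err && err.name;
  if (name === 'InvalidStateError') return 'already-registered'; // excluded credential present
  if (name === 'NotAllowedError') return 'cancelled-or-timeout';
  return 'unexpected';
}

// Browser-side wrapper; credentialsApi is injectable so the flow can be stubbed.
async function registerPasskey(input, credentialsApi = navigator.credentials) {
  try {
    const credential = await credentialsApi.create(buildCreationOptions(input));
    return { status: 'created', credential };
  } catch (err) {
    return { status: classifyCreateError(err) };
  }
}
```

With the regression described in the report, create() resolves instead of rejecting, so the 'already-registered' branch is never reached and the RP stores a second credential with a new ID.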