SlowMist Technology's Chief Information Security Officer, 23pds, has highlighted a new security threat involving WebAuthn key-based logins. Researchers have identified an attack method that allows malicious actors to bypass WebAuthn authentication by hijacking the API through harmful browser extensions or exploiting cross-site scripting (XSS) vulnerabilities. This attack can force a downgrade to password logins or manipulate the key registration process to steal credentials, without needing physical device access or Face ID.
The vulnerability poses a significant risk to users who rely on WebAuthn for secure authentication, as it can lead to identity impersonation and account compromise. WebAuthn, developed by the W3C and FIDO Alliance, is designed to enhance security through public key cryptography, offering alternatives to traditional passwords via hardware security keys or compliant devices.
SlowMist CISO Warns of WebAuthn Key Login Bypass Risks
