kd5bjo | 8 months ago

It’s an attack that lets the malicious actor hijack the passkey registration flow to insert a key that they know, so that they can later log in as the victim.

warkdarrior|8 months ago

If the computer where registration happens is not trusted, no authentication protocol will help. Compare this attack ("malicious computer substitutes passkey at registration time") with a password one ("malicious computer substitutes password at registration time").

lxgr|8 months ago

But unlike a compromised password, a compromised passkey can be detected much more easily, since the "real" key will end up not working, unless the attacker also adds it to the victim's account.

lxgr|8 months ago

That should be very noticeable to the victim though, right?

Their own key would not work (unless the attacker persistently MITMs them and swaps their own credential in for every subsequent authentication) or they'd see multiple credentials being present in their account.

It's also a good idea to send out an email for every new credential added.

jiveturkey|8 months ago

> Chrome needs to be started with remote debugging

Pretty confident that is out of scope for any reasonable threat model.