
SlowMist CISO: WebAuthn key login has bypass risks

2025/09/22 15:05

PANews reported on September 22nd that SlowMist Technology's Chief Information Security Officer, 23pds, posted on the X platform that researchers have discovered a new attack that can bypass WebAuthn key-based login. Attackers can hijack the WebAuthn API through malicious browser extensions or exploit XSS vulnerabilities on websites, forcing downgrades to password login or tampering with the key registration process to steal user credentials. This attack does not require device access or Face ID. Victims who use key login on websites with malicious extensions or vulnerabilities may experience identity impersonation, leading to account compromise.

WebAuthn (Web Authentication) is a web standard developed by the W3C and FIDO Alliance. It aims to achieve secure authentication through public key cryptography, replacing or supplementing traditional passwords. Users can log in using hardware security keys (such as YubiKey), built-in platform authenticators (such as Windows Hello, Touch ID, Android biometrics), or devices that comply with the FIDO2 standard.
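A server-side check for the forced downgrade to password login described above, shown as an added example that is not part of the original report: it scans authentication events and flags password logins on accounts that already have a passkey, raising severity when a WebAuthn challenge was issued but never answered shortly before. The event names, record fields and the two-minute window are assumptions, and the sample events are constructed.

```javascript
// Added example: flags password logins that follow an abandoned WebAuthn
// ceremony on accounts that already have a passkey enrolled.
// Event names and record fields are assumptions, not a real product's schema.
const SAMPLE_EVENTS = [ // constructed sample data
  { ts: "2025-09-22T10:00:00Z", user: "alice", event: "passkey_registered" },
  { ts: "2025-09-22T11:00:00Z", user: "alice", event: "webauthn_challenge_issued" },
  { ts: "2025-09-22T11:00:20Z", user: "alice", event: "password_login_ok" },
  { ts: "2025-09-22T11:05:00Z", user: "bob", event: "password_login_ok" },
  { ts: "2025-09-22T12:00:00Z", user: "carol", event: "passkey_registered" },
  { ts: "2025-09-22T12:30:00Z", user: "carol", event: "webauthn_challenge_issued" },
  { ts: "2025-09-22T12:30:05Z", user: "carol", event: "webauthn_assertion_ok" },
  { ts: "2025-09-22T13:00:00Z", user: "carol", event: "password_login_ok" },
];

function findPasskeyDowngrades(events, windowMs = 120000) {
  const enrolled = new Set(); // users with at least one registered passkey
  const pending = new Map();  // user -> time of a challenge not yet answered
  const findings = [];
  const sorted = [...events].sort((a, b) => Date.parse(a.ts) - Date.parse(b.ts));
  for (const e of sorted) {
    const t = Date.parse(e.ts);
    switch (e.event) {
      case "passkey_registered": enrolled.add(e.user); break;
      case "webauthn_challenge_issued": pending.set(e.user, t); break;
      case "webauthn_assertion_ok": pending.delete(e.user); break;
      case "password_login_ok": {
        if (!enrolled.has(e.user)) break; // password-only account: expected
        const challengedAt = pending.get(e.user);
        const abandoned = challengedAt !== undefined && t - challengedAt <= windowMs;
        findings.push({
          user: e.user,
          ts: e.ts,
          severity: abandoned ? "high" : "review",
          reason: abandoned
            ? "password login after abandoned WebAuthn challenge"
            : "password login on passkey-enrolled account",
        });
        pending.delete(e.user);
        break;
      }
    }
  }
  return findings;
}

console.log(findPasskeyDowngrades(SAMPLE_EVENTS));
```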
