Re: [webauthn] PublicKeyCredentialUserEntity difference between name, displayName and id not clear

I'll answer myself again: What prevents the attacker is the assumption that the authenticator will verify the user's identity before giving up the stored account info. Context: #558

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/622#issuecomment-336100503 using your GitHub account

Received on Thursday, 12 October 2017 11:32:14 UTC