W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2018

Re: [webauthn] Relying Party Session

From: milesstoetzner via GitHub <sysbot+gh@w3.org>
Date: Mon, 12 Nov 2018 11:53:00 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-437852610-1542023579-sysbot+gh@w3.org>
Ok, thanks for the answer. 

Therefore a MitB could intercept a valid response of an authentication and send it in an own connection to the given route in order to impersonate the user.

That is what I was thinking about.

GitHub Notification of comment by milesstoetzner
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1111#issuecomment-437852610 using your GitHub account
Received on Monday, 12 November 2018 11:53:01 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:35 UTC