Re: [webauthn] largeBlob storage extension can be used to bypass 3p storage restrictions (#1518) from Emil Lundberg via GitHub on 2020-11-16 (public-webauthn@w3.org from November 2020)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 16 Nov 2020 12:06:22 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-727937725-1605528381-sysbot+gh@w3.org>

Care to elaborate on how such a bypass would be done? As I understand the `largeBlob` extension, the data stored is tied to a particular credential, and access to any credential is restricted to the origin that created it.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1518#issuecomment-727937725 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 16 November 2020 12:06:23 UTC