[webauthn] new commits pushed by emlun from Emil Lundberg via GitHub on 2022-05-26 (public-webauthn@w3.org from May 2022)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 26 May 2022 14:37:27 +0000
To: public-webauthn@w3.org
Message-ID: <push-e08a231aba85a24db4db68c3ba66e1564adf62b5-1653575845-sysbot+gh@w3.org>

The following commits were just pushed by emlun to https://github.com/w3c/webauthn:

* Narrow claim about MitM resistance to tampering specifically

As noted in issue #1731: Under the given assumption alone, the ceremony is not
necessarily resistant to code injection MitM attacks that execute on a
legitimate origin but exfiltrate the assertion to a malicious remote server.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/4442cb39a36a59b14a03c28462167873a5798b13

* Add security consideration: Code injection attacks

This addresses issue #1731.

See: https://github.com/w3c/webauthn/issues/1731
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e08a231aba85a24db4db68c3ba66e1564adf62b5



-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 26 May 2022 14:37:29 UTC