[w3c/webauthn] 4442cb: Narrow claim about MitM resistance to tampering sp... from Emil Lundberg on 2022-05-26 (public-webauthn@w3.org from May 2022)

From: Emil Lundberg <noreply@github.com>
Date: Thu, 26 May 2022 07:37:37 -0700
To: public-webauthn@w3.org
Message-ID: <w3c/webauthn/push/refs/heads/issue-1731-code-injection-cons/000000-e08a23@githu>

  Branch: refs/heads/issue-1731-code-injection-cons
  Home:   https://github.com/w3c/webauthn
  Commit: 4442cb39a36a59b14a03c28462167873a5798b13
      https://github.com/w3c/webauthn/commit/4442cb39a36a59b14a03c28462167873a5798b13
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2022-05-26 (Thu, 26 May 2022)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Narrow claim about MitM resistance to tampering specifically

As noted in issue #1731: Under the given assumption alone, the ceremony is not
necessarily resistant to code injection MitM attacks that execute on a
legitimate origin but exfiltrate the assertion to a malicious remote server.


  Commit: e08a231aba85a24db4db68c3ba66e1564adf62b5
      https://github.com/w3c/webauthn/commit/e08a231aba85a24db4db68c3ba66e1564adf62b5
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2022-05-26 (Thu, 26 May 2022)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Add security consideration: Code injection attacks

This addresses issue #1731.

See: https://github.com/w3c/webauthn/issues/1731


Compare: https://github.com/w3c/webauthn/compare/4442cb39a36a%5E...e08a231aba85

Received on Thursday, 26 May 2022 14:37:48 UTC