[webauthn] new commits pushed by emlun from Emil Lundberg via GitHub on 2022-09-21 (public-webauthn@w3.org from September 2022)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 21 Sep 2022 19:51:35 +0000
To: public-webauthn@w3.org
Message-ID: <push-797e76ebb4f08f769890f0597736382de8737662-1663789892-sysbot+gh@w3.org>

The following commits were just pushed by emlun to https://github.com/w3c/webauthn:

* Narrow claim about MitM resistance to tampering specifically

As noted in issue #1731: Under the given assumption alone, the ceremony is not
necessarily resistant to code injection MitM attacks that execute on a
legitimate origin but exfiltrate the assertion to a malicious remote server.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/4442cb39a36a59b14a03c28462167873a5798b13

* Add security consideration: Code injection attacks

This addresses issue #1731.

See: https://github.com/w3c/webauthn/issues/1731
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d388f9bd013da65c00ad57a4314fbb7bd8fba882

* Address review comments
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/74eb1b6abcf8ddca9cec3bdc6f9f43c0ff87eed6

* Merge pull request #1733 from w3c/issue-1731-code-injection-cons

Add "Code injection attacks" security consideration
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/797e76ebb4f08f769890f0597736382de8737662



-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 21 September 2022 19:51:36 UTC