- From: Emil Lundberg <noreply@github.com>
- Date: Wed, 21 Sep 2022 12:51:45 -0700
- To: public-webauthn@w3.org
Branch: refs/heads/main
Home: https://github.com/w3c/webauthn
Commit: 4442cb39a36a59b14a03c28462167873a5798b13
https://github.com/w3c/webauthn/commit/4442cb39a36a59b14a03c28462167873a5798b13
Author: Emil Lundberg <emil@yubico.com>
Date: 2022-05-26 (Thu, 26 May 2022)
Changed paths:
M index.bs
Log Message:
-----------
Narrow claim about MitM resistance to tampering specifically
As noted in issue #1731: Under the given assumption alone, the ceremony is not
necessarily resistant to code injection MitM attacks that execute on a
legitimate origin but exfiltrate the assertion to a malicious remote server.
Commit: d388f9bd013da65c00ad57a4314fbb7bd8fba882
https://github.com/w3c/webauthn/commit/d388f9bd013da65c00ad57a4314fbb7bd8fba882
Author: Emil Lundberg <emil@yubico.com>
Date: 2022-05-26 (Thu, 26 May 2022)
Changed paths:
M index.bs
Log Message:
-----------
Add security consideration: Code injection attacks
This addresses issue #1731.
See: https://github.com/w3c/webauthn/issues/1731
Commit: 74eb1b6abcf8ddca9cec3bdc6f9f43c0ff87eed6
https://github.com/w3c/webauthn/commit/74eb1b6abcf8ddca9cec3bdc6f9f43c0ff87eed6
Author: Emil Lundberg <emil@yubico.com>
Date: 2022-06-28 (Tue, 28 Jun 2022)
Changed paths:
M index.bs
Log Message:
-----------
Address review comments
Commit: 797e76ebb4f08f769890f0597736382de8737662
https://github.com/w3c/webauthn/commit/797e76ebb4f08f769890f0597736382de8737662
Author: Emil Lundberg <emil@yubico.com>
Date: 2022-09-21 (Wed, 21 Sep 2022)
Changed paths:
M index.bs
Log Message:
-----------
Merge pull request #1733 from w3c/issue-1731-code-injection-cons
Add "Code injection attacks" security consideration
Compare: https://github.com/w3c/webauthn/compare/f754904a8512...797e76ebb4f0
Received on Wednesday, 21 September 2022 19:51:58 UTC