Vulnerability	Vulnerable Version
H Incorrect Check of Function Return Value Affected versions of this package are vulnerable to Incorrect Check of Function Return Value in the "second factor" flow where FinishAssertionSteps fails to cross-check the verified credential handle against the requested username when a userHandle is not found for that username during the initial lookup. An attacker can gain unauthorized access by exploiting this flaw to impersonate another user. How to fix Incorrect Check of Function Return Value? Upgrade `com.yubico:webauthn-server-core` to version 2.6.0-RC1, 2.7.0-RC1, 2.8.2, 2.9.0 or higher.	[2.6.0-alpha2,2.6.0-RC1)[2.7.0-alpha1,2.7.0-RC1)[2.8.0-alpha1,2.8.2)[2.9.0-alpha1,2.9.0)

Incorrect Check of Function Return Value

Affected versions of this package are vulnerable to Incorrect Check of Function Return Value in the "second factor" flow where FinishAssertionSteps fails to cross-check the verified credential handle against the requested username when a userHandle is not found for that username during the initial lookup. An attacker can gain unauthorized access by exploiting this flaw to impersonate another user.

How to fix Incorrect Check of Function Return Value?

Upgrade com.yubico:webauthn-server-core to version 2.6.0-RC1, 2.7.0-RC1, 2.8.2, 2.9.0 or higher.

[2.6.0-alpha2,2.6.0-RC1)[2.7.0-alpha1,2.7.0-RC1)[2.8.0-alpha1,2.8.2)[2.9.0-alpha1,2.9.0)

Go back to all versions of this package