|
|
|
|
|
|
by fragmede
111 days ago
|
|
|
WebAuthn assumes the browser is secure. If the browser is compromised, then impersonation becomes possible, so the user, thinking they're authorizing adding a new ssh key on GitHub.com by touching their yubikey, gets their money stolen by the hacked web browser because it has an invisible hidden window with bank.com waiting for yubikey authentication. |
|
|