SlowMist CISO: WebAuthn key login has bypass risks

2025/09/22 15:05

PANews reported on September 22nd that 23pds, Chief Information Security Officer of SlowMist Technology, posted on the X platform that researchers have discovered a new attack that can bypass WebAuthn key-based login. Attackers can hijack the WebAuthn API through a malicious browser extension or by exploiting an XSS vulnerability on a website, then force a downgrade to password login or tamper with the key registration process to steal user credentials. The attack does not require device access or Face ID. Victims who use key login in a browser with a malicious extension, or on a website with such a vulnerability, may be impersonated, leading to account compromise.

WebAuthn (Web Authentication) is a web standard developed by the W3C and FIDO Alliance. It aims to achieve secure authentication through public key cryptography, replacing or supplementing traditional passwords. Users can log in using hardware security keys (such as YubiKey), built-in platform authenticators (such as Windows Hello, Touch ID, Android biometrics), or devices that comply with the FIDO2 standard.
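
One server-side way to look for the forced downgrade to password login described above, as an added example that is not part of the original report: it scans authentication events for password logins by accounts that already hold a WebAuthn credential. The event names, fields and 60-second window are assumptions, and the sample events are constructed.

```javascript
// Added example: flag password logins by accounts that already have a WebAuthn credential.
// Event types and fields are assumed for illustration, not a real product's log schema.
const SAMPLE_EVENTS = [ // constructed sample data
  { ts: 1000, user: "alice", type: "passkey_registered" },
  { ts: 5000, user: "alice", type: "webauthn_start" },
  { ts: 5200, user: "alice", type: "webauthn_success" },  // normal key login
  { ts: 9000, user: "alice", type: "webauthn_start" },
  { ts: 9800, user: "alice", type: "password_success" },  // ceremony never completed
  { ts: 12000, user: "bob", type: "password_success" },   // bob has no credential enrolled
  { ts: 20000, user: "carol", type: "passkey_registered" },
  { ts: 90000, user: "carol", type: "password_success" }, // no ceremony was even started
];

function findPasskeyDowngrades(events, windowMs = 60000) {
  const state = new Map(); // user -> { hasPasskey, pendingStart }
  const findings = [];
  const sorted = [...events].sort((a, b) => a.ts - b.ts);
  for (const ev of sorted) {
    const s = state.get(ev.user) || { hasPasskey: false, pendingStart: null };
    state.set(ev.user, s);
    switch (ev.type) {
      case "passkey_registered": s.hasPasskey = true; break;
      case "webauthn_start": s.pendingStart = ev.ts; break;
      case "webauthn_success": s.pendingStart = null; break;
      case "password_success":
        if (s.hasPasskey) {
          // A started-but-unfinished ceremony right before a password login
          // is the stronger signal of a forced fallback.
          const abandoned = s.pendingStart !== null && ev.ts - s.pendingStart <= windowMs;
          findings.push({
            user: ev.user,
            ts: ev.ts,
            reason: abandoned ? "password_after_abandoned_ceremony" : "password_despite_passkey",
          });
        }
        s.pendingStart = null;
        break;
    }
  }
  return findings;
}

console.log(findPasskeyDowngrades(SAMPLE_EVENTS));
```

A finding is a prompt for review or step-up verification, since a user can also choose the password path legitimately.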
