CVE-2021-38299

Incorrect Authorization in packagist/web-auth/webauthn-framework

Identifier

CVE-2021-38299

Package Slug

packagist/web-auth/webauthn-framework

Vulnerability

Incorrect Authorization

Description

Webauthn Framework has Incorrect Access Control. An attacker who controls a user's system is able to log in to a vulnerable service using an attached FIDO2 authenticator without passing the user presence check.
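
A relying party enforces user presence by inspecting the UP flag (bit 0 of the flags byte) in the WebAuthn authenticator data before accepting an assertion. The sketch below is an added example of that check at the protocol level, not code from webauthn-framework; the function names, the `example.test` relying party ID and the sample bytes are assumptions constructed for illustration, and signature verification is out of scope.

```python
import hashlib
import struct

FLAG_UP = 0x01  # bit 0 of the flags byte: user present
FLAG_UV = 0x04  # bit 2 of the flags byte: user verified


class AuthenticatorDataError(ValueError):
    """Raised when the authenticator data fails a relying-party check."""


def check_authenticator_data(auth_data: bytes, expected_rp_id: str,
                             require_uv: bool = False) -> int:
    """Validate the fixed 37-byte header of WebAuthn authenticator data.

    Layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian).
    Returns the signature counter; raises AuthenticatorDataError on failure.
    """
    if len(auth_data) < 37:
        raise AuthenticatorDataError("authenticator data shorter than 37 bytes")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(expected_rp_id.encode()).digest():
        raise AuthenticatorDataError("rpIdHash does not match the relying party")
    # User presence check: the assertion must be rejected when UP is not set.
    if not flags & FLAG_UP:
        raise AuthenticatorDataError("user presence (UP) flag not set")
    if require_uv and not flags & FLAG_UV:
        raise AuthenticatorDataError("user verification (UV) flag not set")
    return sign_count


def build_sample(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Constructed sample input, not captured from a real authenticator."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)


if __name__ == "__main__":
    rp = "example.test"  # hypothetical relying party ID
    for label, flags in (("UP set", FLAG_UP), ("UP clear", 0x00)):
        try:
            print(label, "->", check_authenticator_data(build_sample(rp, flags, 7), rp))
        except AuthenticatorDataError as exc:
            print(label, "-> rejected:", exc)
```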

Affected Versions

All versions before 3.2.9, all versions starting from 3.3.0 before 3.3.4

Solution

Upgrade to versions 3.2.9, 3.3.4 or above.

Last Modified

2021-10-10
