Closed Bug 1460692 Opened 6 years ago Closed 1 year ago

U2F sign not returning DEVICE_INELIGIBLE when no key handle matches

Categories

(Core :: DOM: Device Interfaces, defect, P3)

60 Branch
defect

RESOLVED WONTFIX

People

(Reporter: jhohisel, Unassigned)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36

Steps to reproduce:

This bug can be reproduced on the Yubico demo site: https://demo.yubico.com/u2f

I am attempting to authenticate using a FIDO U2F security key. I have one key registered that is a YubiKey U2F device (let's refer to it as Key A), and I am attempting to authenticate with a YubiKey 4 device (let's refer to this as Key B).
The registeredKeys array sent contains one key (Key A) but Key B is inserted.
The keyHandle does not match the inserted device (this is expected and intentional).


Actual results:

I receive error code 1 OTHER_ERROR


Expected results:

I should receive error code 4 DEVICE_INELIGIBLE (as received by Chrome 66.0.3359.139)

According to FIDO U2F specs (https://fidoalliance.org/specs/u2f-specs-master/fido-u2f-javascript-api.html) DEVICE_INELIGIBLE: "for a sign request it may mean the token does not know the presented key handle"
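
The behaviour the report expects, as an added sketch that is not part of the bug report and is not Firefox's or Chrome's code: a client probes each registered key handle with a check-only U2F_AUTHENTICATE and reports DEVICE_INELIGIBLE only when the inserted token recognises none of them. `makeToken`, `signPreflight`, the key handle strings and the `0x6f00` failure status are hypothetical, constructed for illustration.

```javascript
// Error codes from the FIDO U2F JavaScript API.
const ErrorCodes = { OK: 0, OTHER_ERROR: 1, BAD_REQUEST: 2,
  CONFIGURATION_UNSUPPORTED: 3, DEVICE_INELIGIBLE: 4, TIMEOUT: 5 };

// Status words a token returns to a check-only U2F_AUTHENTICATE
// (control byte 0x07) in the U2F raw message format.
const SW_CONDITIONS_NOT_SATISFIED = 0x6985; // key handle belongs to this token
const SW_WRONG_DATA = 0x6a80;               // key handle unknown to this token

// Hypothetical stand-in for a token that recognises a fixed set of key handles.
function makeToken(knownHandles, faulty = false) {
  const known = new Set(knownHandles);
  return {
    checkOnly(keyHandle) {
      if (faulty) return 0x6f00; // constructed: a generic failure status
      return known.has(keyHandle) ? SW_CONDITIONS_NOT_SATISFIED : SW_WRONG_DATA;
    },
  };
}

// Hypothetical client-side pre-check that decides which error code a sign
// request should surface to the relying party.
function signPreflight(registeredKeys, token) {
  if (!Array.isArray(registeredKeys) || registeredKeys.length === 0) {
    return { errorCode: ErrorCodes.BAD_REQUEST }; // this sketch's choice
  }
  let unexpected = false;
  for (const { keyHandle } of registeredKeys) {
    const sw = token.checkOnly(keyHandle);
    if (sw === SW_CONDITIONS_NOT_SATISFIED) {
      return { errorCode: ErrorCodes.OK, keyHandle }; // proceed to the real sign
    }
    if (sw !== SW_WRONG_DATA) unexpected = true; // not a clean "unknown handle"
  }
  // Every handle cleanly rejected: the token is ineligible, not broken.
  return { errorCode: unexpected ? ErrorCodes.OTHER_ERROR
                                 : ErrorCodes.DEVICE_INELIGIBLE };
}

// Constructed sample mirroring the report: Key A registered, Key B inserted.
const registeredKeys = [{ version: "U2F_V2", keyHandle: "constructed-handle-A" }];
const keyA = makeToken(["constructed-handle-A"]);
const keyB = makeToken(["constructed-handle-B"]);
console.log(signPreflight(registeredKeys, keyB).errorCode); // Key B inserted
console.log(signPreflight(registeredKeys, keyA).errorCode); // Key A inserted
```

A relying party that receives code 4 can tell the user that the inserted key is not registered to the account, which a generic code 1 does not allow.
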
Component: Untriaged → DOM: Device Interfaces
Product: Firefox → Core
Blocks: webauthn
Priority: -- → P3
Severity: normal → S3

The U2F JavaScript API is disabled by default in Firefox 112 and will be removed in 114.

No longer blocks: webauthn
Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → WONTFIX
See Also: → 1809333, 1737205