Webauthn Attestation object credential length is invalid
Categories
(Core :: DOM: Web Authentication, defect)
Tracking
()
People
(Reporter: djpjvs, Unassigned)
Details
Attachments
(2 files)
Firefox for Android
Steps to reproduce:
On my windows Firefox
I created a webauthn credential with additional attestation data. Asking for direct attestation.
Using something similar to https://webauthn.bin.coffee/
Actual results:
The [authdata] [attested cred data] [length] bytes report 32396 instead of the length of the credential.
This results in security keys not working when additional credential data is used
Expected results:
The credentialID length should be the length of the CredentialID. It the moment it give a value that is far from the expected details.
This is working in 97 but not in 98
When CBOR decoding the response.attestationObject and check bytes 53 and 54 it give length of 32396 instead of the length of the credentialID.
Here, when decoded the credential length is 96 which is correct
|
||
Updated•3 years ago
|
Seems to be related to https://bugzilla.mozilla.org/show_bug.cgi?id=1759162
Issue seems to be gone in 98.0.2
is was on both Windows and Android, but it seems like issue is gone in 98.0.2
|
||
Comment 6•3 years ago
|
||
Ok, then I guess I can close this. Thanks for reporting.
|
|
||
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
||
Updated•5 months ago
|
Description
•