Some U2F tokens no longer usable in Firefox
Categories
(Core :: DOM: Web Authentication, defect, P3)
Tracking
()
People
(Reporter: phazon, Unassigned)
Details
Attachments
(1 file)
|
4.00 KB,
application/octet-stream
|
Details |
Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Steps to reproduce:
I have relatively old U2F token attached to several services like Github. I tried to authenticate in them using this key and found that key dont seems to work. Albeit Firefox gave me notification to push button on token, token itself didnt blink and button push give no reaction.
Same result archived on Webauthn.io or Webauthn.bin.coffee test sites - registration with key just dont work
Actual results:
Nothing happens with key, doesnt blink, doesnt react
Expected results:
Successful login with key.
Additional info:
Firefox Nightly 128 on Ubuntu 23.10, installed from ftp.mozilla.org, not snap.
Model of key is Hypersecu HyperFIDO (vendor=0x096e, product=0x0880). Works fine in Chromium, so device isnt faulty.
I tested older version of Firefox and found that key worked up until Firefox 109, to be more specific last good version is Nightly from 2022-12-06-16 and first bad is 2022-12-07-09.
This exactly when https://bugzilla.mozilla.org/show_bug.cgi?id=1530373 landed CTAP2 support.
As suggested in other bug i used MOZ_LOG=authenticator::*:5 to get some additional info, log attached.
I have a guess as to what's wrong here. I've opened https://github.com/mozilla/authenticator-rs/issues/336 upstream.
Description
•