CVE-2023-44039

2024-04-0316:15:07

[email protected]

web.nvd.nist.gov

veridiumid

webauthn api

vulnerability

fido key

account takeover

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

JSON

In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is allowed to enroll a FIDO key) to register their FIDO authenticator to a victim’s account and consequently take over the account.