Usability of Passwordless Authentication in Wi-Fi Networks: A Comparative Study of Passkeys and Passwords in Captive Portals
Passkeys have recently emerged as a passwordless authentication mechanism, yet their usability in captive portals remains unexplored. This paper presents an empirical, comparative usability study of passkeys and passwords in a Wi-Fi hotspot using a captive portal. We conducted a controlled...
Passwords and FIDO2 Are Meant to Be Secret: a Practical Secure Authentication Channel for Web Browsers
Password managers provide significant security benefits to users. However, malicious client-side scripts and browser extensions can steal passwords after the manager has autofilled them into the web page. In this paper, we extend prior work by Stock and Johns, showing how password autofill can be...
CVE-2025-29991
Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification...
CVE-2025-29991
CVE-2025-29991 affects Yubico YubiKey 5.4.1–5.7.3; the FIDO CTAP PIN/UV Auth Protocol Two implementation incorrectly uses the 16-byte signature length from Protocol One, causing partial signature verification when Protocol Two is chosen. Remediation: update to version 5.7.4 or later. Other disclo...
YSA-2025-02 | Yubico
A low severity issue has been identified in YubiKeys versions 5.4.1 through 5.7.3 in the FIDO CTAP PIN/UV Auth Protocol Two implementation. These YubiKey versions use the 16 byte signature length from CTAP PIN/UV Auth Protocol One during the verification step, even when the 32 byte CTAP PIN/UV Au...
Vulnerability of the Server component: PAM Auth Plugin of the MySQL Server database management system, which allows attackers to gain unauthorized access to protected information.
The vulnerability of the MySQL Server database management system’s PAM Auth Plugin relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information using the FIDO network protocol...
DARPA, FIDO Alliance Join Race to Replace Passwords
Nearly everyone agrees that passwords are the bane of Internet security. For years, industry thinkers have somewhat vaguely referenced the need for Internet fingerprints capable of reliably verifying identities online. Yet here we are, it’s 2013 and passwords remain the primary means of...