2 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-31742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles a...
Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as an attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have...