StrongKey FIDO Server 安全漏洞

StrongKey FIDO Server is an open source FIDO2/WebAuthn authentication server from StrongKey, Inc. for implementing passwordless authentication solutions based on the FIDO Fast Identity Online standard. A security vulnerability exists in StrongKey FIDO Server versions prior to 4.15.1, which stems...

CVE-2025-26788

StrongKey FIDO Server before 4.15.1 is affected: a non-discoverable (namedcredential) flow is treated as a discoverable transaction, potentially enabling abnormal processing. The CVSS v3.1 base score is 8.4 (HIGH) with impact to confidentiality and integrity (both HIGH) and availability LOW. Root...