6 matches found
EUVD-2026-30886
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...
CVE-2026-37982 Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauthn token replay
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...
QES-Backed Virtual FIDO2 Authenticators: Architectural Options for Secure, Synchronizable WebAuthn Credentials
FIDO2 and the WebAuthn standard offer phishing-resistant, public-key based authentication but traditionally rely on device-bound cryptographic keys that are not naturally portable across user devices. Recent passkey deployments address this limitation by enabling multi-device credentials...
KeyDroid: a Large-Scale Analysis of Secure Key Storage in Android Apps
Most contemporary mobile devices offer hardware-backed storage for cryptographic keys, user data, and other sensitive credentials. Such hardware protects credentials from extraction by an adversary who has compromised the main operating system, such as a malicious third-party app. Since 2011,...
Samsung Encryption Flaw
Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Androids Hardware-Backed Keystore in Samsungs Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered an...
Secured-core PCs: A brief showcase of chip-to-cloud security against kernel attacks
Gaining kernel privileges by taking advantage of legitimate but vulnerable kernel drivers has become an established tool of choice for advanced adversaries. Multiple malware attacks, including RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron, and campaigns by the threat actor STRONTIUM, have...