4 matches found
Authentication Bypass by Assumed-Immutable Data
Overview Affected versions of this package are vulnerable to Authentication Bypass by Assumed-Immutable Data in the step-up verification process. An attacker can gain unauthorized access to root-only channel secrets by bypassing authentication mechanisms using passkey-based methods. Remediation...
GHSA-5353-F8FQ-65VC New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
Summary A logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAuthn assertion. Affected versions = v0.10.0 Description The POST /api/verify endpoint supports multiple secure verification...
New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
Summary A logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAuthn assertion. Affected versions = v0.10.0 Description The POST /api/verify endpoint supports multiple secure verification...
CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...