GHSA-5353-F8FQ-65VC New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
Summary A logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAuthn assertion. Affected versions = v0.10.0 Description The POST /api/verify endpoint supports multiple secure verification...