SlowMist Warning: WebAuthn Passkey Login May Be at Risk of Bypass


SlowMist Technology Chief Information Security Officer 23pds issued a warning on the X platform, stating that researchers have discovered a new attack method capable of bypassing passkey (WebAuthn) login. An attacker can use a malicious browser extension, or an XSS vulnerability on the website itself, to hijack the WebAuthn API as the page sees it (the `navigator.credentials` calls the site makes), either forcing the site to fall back to password login or tampering with the passkey registration process to capture the resulting user credential. The attack requires neither physical access to the device nor passing a Face ID check. Users who log in with a passkey on a site that has such a vulnerability, or from a browser carrying a malicious extension, are therefore exposed to impersonation and account takeover. WebAuthn is an authentication standard developed by the W3C and the FIDO Alliance; it aims to replace or supplement traditional passwords with public-key cryptography and supports hardware security keys, platform authenticators and other FIDO2 devices.
