Critical severityNVD Advisory· Published Sep 27, 2021· Updated Aug 4, 2024
CVE-2021-38299
CVE-2021-38299
Description
Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An attacker that controls a user's system is able to login to a vulnerable service using an attached FIDO2 authenticator without passing a check of the user presence.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
web-auth/webauthn-frameworkPackagist | >= 3.3.0, < 3.3.4 | 3.3.4 |
Affected products
2- Webauthn Framework/Webauthn Frameworkdescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-6whf-q6p5-84wgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-38299ghsaADVISORY
- github.com/web-auth/webauthn-framework/commit/572e239c5702667ca52487faf861abc768a46308ghsaWEB
- github.com/web-auth/webauthn-framework/releasesghsax_refsource_MISCWEB
- github.com/web-auth/webauthn-framework/releases/tag/v3.3.4ghsaWEB
- www.fzi.de/en/news/news/detail-en/artikel/fsa-2021-1-fehlende-ueberpruefung-von-user-presence-in-webauthn-frameworkghsaWEB
- www.fzi.de/en/news/news/detail-en/artikel/fsa-2021-1-fehlende-ueberpruefung-von-user-presence-in-webauthn-framework/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.