Details
-
Impedibug
-
Status: Closed
-
Minor
-
Resolution: Discarded
-
Master
-
None
-
None
-
Iteration 45, Iteration 46, Iteration 47, Iteration 48, Iteration 49, Iteration 50, AppSec Iteration 51, AppSec Iteration 52, AppSec Iteration 53, AppSec Iteration 54, AppSec Iteration 55, AppSec Iteration 56
Description
Summary
User could register multiple FIDO2 keys, but when he tries to log in from Firefox, using the hardware keypress he will see a verification warning, and there is no visible option to decide which key to be use.
Repro
- Use Google Chrome
- Create a virtual Instance eg.: able.com
- Login to virtual instance, and enable MFAs: EOTP, TOTP, and FIDO2 at Instance Settings / Multi-factor Authentication
- Go to Account Settings and setup TOTP and multiple FIDO2 keys for the user (I used Yubikey and Fingerprint sensor on my MAC)
- Switch web browser to Firefox and go to able.com
- Press Sign in
- Press Verify button at FIDO2 verifier form
- Press the hardware key and press the button the hardware key (I used Yubikey for this step)
Screen recording
Check the video
Actual result
A warning message is shown about verification is unsuccessful
Expectation
Users should successfully login in using a hardware key or fingerprint sensor on Firefox too.
Test environment
macOS Big Sur
Firefox 83.0 (64-bit)
Yubikey 5 NFC
MacBook Pro's built-in fingerprint sensor
Reproduced on
master
SHA: a13ddd1546319ec52ea5228accd463f4c407694c
Updated on: Tue Nov 17 13:37:30 2020 -0800
Attachments
Issue Links
- links to