Details

    • Sprint:
      Iteration 45, Iteration 46, Iteration 47, Iteration 48, Iteration 49, Iteration 50, AppSec Iteration 51, AppSec Iteration 52, AppSec Iteration 53, AppSec Iteration 54, AppSec Iteration 55, AppSec Iteration 56
    • Test Type:

      Description

      Summary
      User could register multiple FIDO2 keys, but when he tries to log in from Firefox, using the hardware keypress he will see a verification warning, and there is no visible option to decide which key to be use.

      Repro

      1. Use Google Chrome
      2. Create a virtual Instance eg.: able.com
      3. Login to virtual instance, and enable MFAs: EOTP, TOTP, and FIDO2 at Instance Settings / Multi-factor Authentication
      4. Go to Account Settings and setup TOTP and multiple FIDO2 keys for the user (I used Yubikey and Fingerprint sensor on my MAC)
      5. Switch web browser to Firefox and go to able.com
      6. Press Sign in
      7. Press Verify button at FIDO2 verifier form
      8. Press the hardware key and press the button the hardware key (I used Yubikey for this step)

      Screen recording
      Check the video

      Actual result
      A warning message is shown about verification is unsuccessful

      Expectation
      Users should successfully login in using a hardware key or fingerprint sensor on Firefox too.

      Test environment
      macOS Big Sur
      Firefox 83.0 (64-bit)
      Yubikey 5 NFC
      MacBook Pro's built-in fingerprint sensor

      Reproduced on
      master
      SHA: a13ddd1546319ec52ea5228accd463f4c407694c
      Updated on: Tue Nov 17 13:37:30 2020 -0800

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              marta.medio Marta Medio (Inactive)
              Reporter:
              gabor.lovas Gábor Lovas
              Recent user:
              Marta Medio (Inactive)
              Participants of an Issue:
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package