New posts

Adding, editing or removing passkey does not require user re-authentication

Thread starter Kirby
Start date Today at 10:02 AM

Visitor Greeting

Welcome to NullWarehouse.com... We are currently seeking Mod's and Contributors. If you wish to apply for a Mod position then please click on Members dropdown arrow, then click on Staff App and fill it out completely and submit it. If you want to be a Contributor then start contributing and we will have our eye on you and take notice, something great could come of it.

We have redone the forum. If you notice any issues or errors please open a Support Ticket under the Members dropdown and let us know.

Got something to Advertise? Do it here for just $15.00/mo

Kirby

Guest

Today at 10:02 AM

Adding, editing or removing a passkey does not require password confirmation.

This allows kinda easy "account lockouts" by unauthorized actors if they are able to access an active session.

Suggested Fix
Adding, editing or removing a passkey should require re-authentication of the user (password if no 2FA is available, Password + 2FA if no Passkey is available or also Passkey without password if at least one Passskey is available)

Continue reading...

Linear Floor Drains and Gutters

building js?!

You must log in or register to reply here.

M	Adding quotes when editing a post is very odd process Mr Lucky Jan 24, 2025 Xenforo RSS Feed
B	Stopping users from editing and removing attachments Blackbeard Dec 22, 2024 Xenforo RSS Feed
O	Where can I find instructions to adding an array type option in my options page? Orit Nov 14, 2024 Xenforo RSS Feed
D	Adding information to report message Darat May 4, 2025 Xenforo RSS Feed
F	Adding New threads to What's new frm Sep 15, 2024 Xenforo RSS Feed

Adding, editing or removing passkey does not require user re-authentication

Visitor Greeting

We value your privacy