Unknown · Webauthn4J Spring Security · CVE-2023-45669
**Name of the Vulnerable Software and Affected Versions**
WebAuthn4J Spring Security versions prior to 0.9.1.RELEASE
**Description**
A flaw was found in webauthn4j-spring-security-core: it handles the signature counter value improperly. When an authenticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not persist the new value. As a result, cloned authenticator detection does not work, and an attacker who has cloned a valid authenticator can use it without being detected.
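The following is an added example, not code from WebAuthn4J Spring Security. It models the signature counter comparison with hypothetical names (`SignCounterDemo`, `authenticate`, `cloneAccepted`) and constructed counter values, showing why a counter that is never persisted cannot expose a cloned authenticator.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; class and method names are hypothetical, not WebAuthn4J APIs.
public class SignCounterDemo {
    // Stored signature counter per credential ID (stands in for the credential repository).
    static final Map<String, Long> stored = new HashMap<>();

    /**
     * Counter check as a relying party performs it: if either counter is nonzero,
     * the presented value must be greater than the stored one; otherwise a cloned
     * authenticator is suspected.
     * persist=false models the flaw (the new value is never saved);
     * persist=true models the corrected behaviour.
     */
    static boolean authenticate(String credentialId, long presented, boolean persist) {
        long previous = stored.getOrDefault(credentialId, 0L);
        if ((presented != 0 || previous != 0) && presented <= previous) {
            return false; // counter did not advance: possible cloned authenticator
        }
        if (persist) {
            stored.put(credentialId, presented);
        }
        return true;
    }

    /**
     * Constructed scenario: the stored counter is 5, the original authenticator
     * signs with counter 6, then a copy made at counter 5 also signs with 6.
     * Returns whether the second authentication is accepted.
     */
    static boolean cloneAccepted(boolean persist) {
        stored.clear();
        stored.put("cred-1", 5L);                    // constructed sample state
        authenticate("cred-1", 6L, persist);         // original authenticator
        return authenticate("cred-1", 6L, persist);  // copy presents the same value
    }

    public static void main(String[] args) {
        System.out.println("counter not persisted, copy accepted: " + cloneAccepted(false));
        System.out.println("counter persisted, copy accepted:     " + cloneAccepted(true));
    }
}
```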
**Recommendations**
For versions prior to 0.9.1.RELEASE, upgrade to version 0.9.1.RELEASE to address the issue. There are no known workarounds for this vulnerability. Until the upgrade is applied, consider restricting access to the authentication mechanism as a temporary mitigation.