PT-2023-29638 · Unknown · Webauthn4J Spring Security

Mbudnick · Published 2023-10-16 · Updated 2023-10-20 · CVE-2023-45669

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

WebAuthn4J Spring Security versions prior to 0.9.1.RELEASE

Description

A flaw was found in webauthn4j-spring-security-core, where improper signature counter value handling occurs. When an authenticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value. This means cloned authenticator detection does not work, allowing an attacker who cloned a valid authenticator to use it without being detected.
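To make the failure mode concrete, the following is an added simulation (not code from webauthn4j-spring-security; the classes, dictionaries and `cred-A` value are all constructed for illustration) that runs a real device and a clone of it through a verifier that compares the signature counter but never persists it, and through one that persists it as the WebAuthn counter rule requires.

```python
from dataclasses import dataclass

@dataclass
class StoredCredential:
    """Relying-party record for a registered credential (constructed stand-in)."""
    credential_id: str
    sign_count: int  # last signature counter value the RP persisted

class Authenticator:
    """Simulated device: the counter increments on every assertion it signs."""
    def __init__(self, credential_id: str, sign_count: int = 0) -> None:
        self.credential_id = credential_id
        self.sign_count = sign_count

    def assertion(self) -> dict:
        self.sign_count += 1
        return {"credential_id": self.credential_id, "sign_count": self.sign_count}

    def clone(self) -> "Authenticator":
        # A clone starts from the same counter value as the original at copy time.
        return Authenticator(self.credential_id, self.sign_count)

def counter_ok(new: int, stored: int) -> bool:
    """WebAuthn rule: a 0/0 pair means the device has no counter; otherwise it must grow."""
    if new == 0 and stored == 0:
        return True
    return new > stored

def verify_vulnerable(store: dict, assertion: dict) -> bool:
    """Mirrors the flaw: the comparison runs, but the new value is never persisted."""
    cred = store[assertion["credential_id"]]
    return counter_ok(assertion["sign_count"], cred.sign_count)

def verify_fixed(store: dict, assertion: dict) -> bool:
    """Correct handling: reject a stale counter, persist an accepted one."""
    cred = store[assertion["credential_id"]]
    if not counter_ok(assertion["sign_count"], cred.sign_count):
        return False
    cred.sign_count = assertion["sign_count"]
    return True

def scenario(verify) -> tuple:
    """Register, clone, use the real device three times, then present the clone."""
    real = Authenticator("cred-A")
    store = {"cred-A": StoredCredential("cred-A", 0)}
    clone = real.clone()
    real_results = [verify(store, real.assertion()) for _ in range(3)]
    return real_results, verify(store, clone.assertion())
```

With the unpersisted counter the stored value stays at 0, so the clone's stale counter of 1 still passes; with persistence the stored value has reached 3 and the clone is rejected.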
Recommendations

For versions prior to 0.9.1.RELEASE, upgrade to version 0.9.1.RELEASE to address the issue. There is no known workaround that corrects the counter handling itself; as a temporary mitigation, consider restricting access to the authentication mechanism until the upgrade is applied.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2023-45669
GHSA-V9HX-V6VF-G36J

Affected Products

Webauthn4J Spring Security