PT-2024-13168 · Veridium · Veridiumid

Lim Jing Qiang · Published 2024-04-03 · Updated 2024-08-21 · CVE-2023-44039

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: VeridiumID versions prior to 3.5.0

Description: The issue allows an internal unauthenticated attacker, who can pass enrollment verifications and is allowed to enroll a FIDO key, to register their FIDO authenticator to a victim's account, consequently taking over the account. This is related to the WebAuthn API.

Recommendations: For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebAuthn API or limiting the ability to enroll new FIDO keys to prevent potential account takeovers.
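The advisory does not state the root cause, so the following is an added illustration of the general defence class for this kind of issue, not VeridiumID code: a relying party must decide server-side which account a newly registered FIDO credential belongs to, binding the registration challenge to the authenticated user who began the ceremony and rejecting any attempt to complete it for a different account. The `RelyingParty` class, its in-memory stores and the user names are constructed for the example.

```python
"""
Binding a WebAuthn registration ceremony to the authenticated user.

Added example (not VeridiumID code). The weak handler trusts a client-supplied
account identifier when storing the credential; the hardened handler stores it
only under the user the server bound to the challenge, and requires the session
completing the ceremony to be that same user.
"""
import secrets
from dataclasses import dataclass, field

CHALLENGE_BYTES = 32  # WebAuthn recommends at least 16 bytes of challenge entropy


class RegistrationError(Exception):
    """Raised when a registration ceremony fails server-side validation."""


@dataclass
class RelyingParty:
    # Hypothetical in-memory stores: challenge -> user who began the ceremony,
    # and user -> list of registered credential ids.
    pending: dict = field(default_factory=dict)
    credentials: dict = field(default_factory=dict)

    def begin_registration(self, session_user: str) -> dict:
        """Issue a fresh challenge and remember which authenticated user it was issued to."""
        challenge = secrets.token_urlsafe(CHALLENGE_BYTES)
        self.pending[challenge] = session_user
        # user.id in the creation options comes from the session, never from the request body
        return {"challenge": challenge, "user": {"id": session_user}}

    def finish_registration_unsafe(self, challenge: str, credential_id: str,
                                   requested_user: str) -> str:
        """Weak pattern: the account receiving the credential is taken from the client."""
        if challenge not in self.pending:
            raise RegistrationError("unknown challenge")
        del self.pending[challenge]
        self.credentials.setdefault(requested_user, []).append(credential_id)
        return requested_user

    def finish_registration(self, session_user: str, challenge: str,
                            credential_id: str) -> str:
        """Hardened pattern: the owner is whoever the server bound to the challenge,
        the challenge is single-use, and the completing session must be that owner."""
        owner = self.pending.pop(challenge, None)
        if owner is None:
            raise RegistrationError("unknown or already-used challenge")
        if owner != session_user:
            raise RegistrationError("challenge was issued to a different user")
        self.credentials.setdefault(owner, []).append(credential_id)
        return owner


def weak_flow() -> str:
    """Constructed scenario: a ceremony begun by 'enrollee' is completed with a
    client-chosen target account. Returns the account that received the credential."""
    rp = RelyingParty()
    opts = rp.begin_registration("enrollee")
    return rp.finish_registration_unsafe(opts["challenge"], "cred-1", requested_user="victim")


def hardened_flow() -> tuple:
    """Same scenario against the hardened handler. Returns (mismatch_rejected,
    owner_of_credential, replay_rejected)."""
    rp = RelyingParty()
    opts = rp.begin_registration("enrollee")
    try:
        rp.finish_registration("victim", opts["challenge"], "cred-1")
        mismatch_rejected = False
    except RegistrationError:
        mismatch_rejected = True
    # A mismatched completion consumed the challenge, so a new ceremony is needed
    opts = rp.begin_registration("enrollee")
    owner = rp.finish_registration("enrollee", opts["challenge"], "cred-2")
    try:
        rp.finish_registration("enrollee", opts["challenge"], "cred-3")
        replay_rejected = False
    except RegistrationError:
        replay_rejected = True
    return mismatch_rejected, owner, replay_rejected


if __name__ == "__main__":
    print("weak handler stored credential under:", weak_flow())
    print("hardened handler (mismatch rejected, owner, replay rejected):", hardened_flow())
```

The point of the hardened handler is that there is no parameter through which a caller can name the target account at all: the only account that can ever receive the credential is the one the server recorded when it issued the challenge, and the challenge is consumed on first use so it cannot be finished twice. Equivalent checks in a real deployment also verify the client data origin, type and challenge echo from the authenticator response, which this example leaves out.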

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2023-44039

Affected Products: Veridiumid