Open ynojima opened 2 weeks ago
https://github.com/eclipse-vertx/vertx-auth/blob/f2fe95820b41db7da3afcc8a2028fedeb8b5ee8f/vertx-auth-webauthn4j/src/main/java/io/vertx/ext/auth/webauthn4j/impl/WebAuthn4JImpl.java#L169
NoneAttestationStatementAsyncVerifier should not be included here as none attestation statement doesn't attestates authenticator. This causes attestation check bypass.
NoneAttestationStatementAsyncVerifier
see also: https://github.com/quarkusio/quarkus/pull/44105#discussion_r1821938933
https://github.com/eclipse-vertx/vertx-auth/blob/f2fe95820b41db7da3afcc8a2028fedeb8b5ee8f/vertx-auth-webauthn4j/src/main/java/io/vertx/ext/auth/webauthn4j/impl/WebAuthn4JImpl.java#L169
NoneAttestationStatementAsyncVerifiershould not be included here as none attestation statement doesn't attestates authenticator. This causes attestation check bypass.see also: https://github.com/quarkusio/quarkus/pull/44105#discussion_r1821938933