When re-packaging U2F_AUTHENTICATE responses into CTAP2 GetAssertion responses we were only copying the lowest bit of the user presence byte. While all of the other bits SHALL be 0 according to the CTAP1 spec, the CTAP2 spec says we should "Copy bits 0 (the UP bit) and bit 1 from the CTAP1/U2F response user presence byte to bits 0 and 1 of the CTAP2 flags, respectively. Set all other bits of flags to zero".
When re-packaging
U2F_AUTHENTICATE
responses into CTAP2GetAssertion
responses we were only copying the lowest bit of the user presence byte. While all of the other bits SHALL be 0 according to the CTAP1 spec, the CTAP2 spec says we should "Copy bits 0 (the UP bit) and bit 1 from the CTAP1/U2F response user presence byte to bits 0 and 1 of the CTAP2 flags, respectively. Set all other bits of flags to zero".