SlowMist CISO: WebAuthn key login has bypass risks

SlowMist Technology's Chief Information Security Officer 23pds published an article on the X platform stating that a new type of attack can bypass WebAuthn key login. Malicious extensions or XSS vulnerabilities can hijack APIs to force downgrade password login or steal credentials, allowing identity impersonation without physical contact with the device.