Resource person

Skip to first unread message

Pro Coder 101

Aug 24, 2023, 11:47:43 AM8/24/23
to FIDO Dev (fido-dev)
I know it is a weird question and it doesn't really belong here. If I found a vulnerability in a certain type of authenticator that actually makes it vulnerable to certain sophisticated social engineering attacks, whom do I talk to about it? I don't want to discuss it publicly as it might be a zero day and various enterprises might be affected by it.
Any help would be appreciated.

Tim Cappalli

Aug 24, 2023, 11:53:11 AM8/24/23
to Pro Coder 101, FIDO Dev (fido-dev)
You should disclose it to the authenticator vendor through their disclosure process, typically found on their website.

You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit

Aug 28, 2023, 8:56:35 PM8/28/23
to Tim Cappalli, Pro Coder 101, FIDO Dev (fido-dev)
Reply all
Reply to author
0 new messages