Resource person

56 views
Skip to first unread message

Pro Coder 101

unread,
Aug 24, 2023, 11:47:43 AM8/24/23
to FIDO Dev (fido-dev)
I know it is a weird question and it doesn't really belong here. If I found a vulnerability in a certain type of authenticator that actually makes it vulnerable to certain sophisticated social engineering attacks, whom do I talk to about it? I don't want to discuss it publicly as it might be a zero day and various enterprises might be affected by it.
Any help would be appreciated.

Tim Cappalli

unread,
Aug 24, 2023, 11:53:11 AM8/24/23
to Pro Coder 101, FIDO Dev (fido-dev)
You should disclose it to the authenticator vendor through their disclosure process, typically found on their website.

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CAN%2B3J_gui72m%2BTuxz94G13g01RviaSJOot8oXDmpzG%3D1i7yzMg%40mail.gmail.com.

da...@fidoalliance.org

unread,
Aug 28, 2023, 8:56:35 PM8/28/23
to Tim Cappalli, Pro Coder 101, FIDO Dev (fido-dev)
Reply all
Reply to author
Forward
0 new messages