Verifiers
Explore different passkey authentication flows and security vulnerabilities. Select a verifier to activate it for the current session.
Authentication Verifiers
Demo Verifiers
These verifiers demonstrate different passkey authentication flows.
| ID | Name | Description | Hint |
|---|---|---|---|
| 1 | Password | Traditional password-only login, no passkey support | Baseline flow - passkeys disabled |
| 2 | Discoverable | Passkey button triggers discoverable credential flow | Click 'Login with Passkey' - no username needed |
| 3 | Discoverable (No UH) | Discoverable flow skipping userHandle verification | User identified by credential ID only, userHandle ignored. Enables cross-account credential attacks. |
| 4 | Non-Discoverable | Username-first flow with passkey or password fallback | Enter username → server sends allowCredentials list → authenticate with passkey or password |
| 5 | Conditional UI | Passkeys appear in browser autofill suggestions | Focus username field to see passkey autofill (requires browser support) |
| 6 | 2FA | Password first, then passkey as second factor | Password → passkey prompt (if registered). UV=required. |
| 7 | 2FA (No UV) | 2FA flow with user verification discouraged | UV=discouraged, authenticator skips PIN/biometric |
| 8 | Discoverable (No UV) | Discoverable flow with user verification discouraged | UV=discouraged, authenticator skips PIN/biometric |

Security Verifiers
These verifiers contain intentional vulnerabilities in the authentication flow. Find and exploit them to unlock a reward flag!
| ID | Section | Name | Description | Hint |
|---|---|---|---|---|
| 9 | §7.2.5 | No Cred Binding | Credential not verified against pre-identified user's allowCredentials | Enter victim's username, use your own credential → logged in as credential owner (yourself) |
| 10 | §7.2.5 | Cred Binding Takeover | Server logs in as pre-identified user instead of credential owner | Enter victim's username, use your credential → logged in as victim (account takeover) |
| 11 | §7.2.6 | No User Handle | userHandle not verified against credential owner | Send mismatched userHandle with your credential → logged in as credential owner |
| 12 | §7.2.6 | User Handle Takeover | Server logs in as userHandle user instead of credential owner | Use your credential, set userHandle to victim's ID → logged in as victim (account takeover) |
| 13 | §7.2.10 | No Type Check | clientDataJSON type not verified | Set type to anything (not 'webauthn.get') → still accepted |
| 14 | §7.2.10 | Type Swap | Wrong ceremony type accepted for authentication | Set type='webauthn.create' instead of 'webauthn.get' |
| 15 | §7.2.11 | No Challenge | Challenge not verified | Set arbitrary/random challenge in clientDataJSON → accepted |
| 16 | §7.2.11 | Reused Challenge | Used challenges not invalidated | Replay already-used challenge from your session → accepted again |
| 17 | §7.2.11 | Cross-Session Challenge | Challenges from other sessions accepted | Use unused challenge from another session → accepted |
| 18 | §7.2.12 | No Origin | clientDataJSON origin not verified | Set origin to attacker domain → still accepted |
| 19 | §7.2.12 | Same-Site Origin | Same-site origins (subdomains) accepted | Use subdomain/sibling domain origin → accepted (attacker.example.com → app.example.com) |
| 20 | §7.2.13 | No Cross-Origin | crossOrigin/topOrigin fields not verified | Embed in attacker iframe → crossOrigin=true, topOrigin=attacker accepted |
| 21 | §7.2.15 | No RP ID | rpIdHash not verified against expected RP ID | Use assertion signed for different RP ID → still accepted |
| 22 | §7.2.15 | Same-Site RP ID | Parent domain RP IDs accepted | Use rpIdHash of parent domain (example.com for app.example.com) → accepted |
| 23 | §7.2.16 | No UP Flag | User Present flag not verified | Set UP=0 in authenticatorData → accepted without user interaction proof |
| 24 | §7.2.17 | No UV Flag | User Verified flag not checked despite UV=required | Set UV=0 in authenticatorData → accepted without biometric/PIN proof |
| 25 | §7.2.18 | No Backup Flags | BE/BS backup flags consistency not verified | Set BE=0, BS=1 (invalid combo) → still accepted |
| 26 | §7.2.19 | No BE Consistency | BE flag not compared against stored backupEligible | Set BE flag different than registration value → inconsistency not detected |
| 27 | §7.2.21 | No Signature | Cryptographic signature not verified | Send invalid/modified signature → still accepted (critical vuln) |
| 28 | §7.2.22 | No Counter | Signature counter not verified for rollback | Replay assertion with lower counter → cloned authenticator not detected |

Registration Verifiers
Demo Verifiers
These verifiers demonstrate different passkey registration flows.
| ID | Name | Description | Hint |
|---|---|---|---|
| 29 | All Algorithms | Supports all common algorithms (ES*, PS*, RS*, EdDSA) | Authenticator picks best supported algorithm from list |
| 30 | ES256 | ECDSA P-256 curve (most common) | COSE alg -7. Default for most authenticators. |
| 31 | ES384 | ECDSA P-384 curve | COSE alg -35. Higher security than ES256. |
| 32 | ES512 | ECDSA P-521 curve | COSE alg -36. Highest EC security level. |
| 33 | PS256 | RSA-PSS SHA-256 | COSE alg -37. RSA probabilistic signature. |
| 34 | PS384 | RSA-PSS SHA-384 | COSE alg -38. Stronger RSA-PSS variant. |
| 35 | PS512 | RSA-PSS SHA-512 | COSE alg -39. Strongest RSA-PSS variant. |
| 36 | RS256 | RSA PKCS#1 SHA-256 | COSE alg -257. Legacy RSA signature. |
| 37 | RS384 | RSA PKCS#1 SHA-384 | COSE alg -258. Legacy RSA variant. |
| 38 | RS512 | RSA PKCS#1 SHA-512 | COSE alg -259. Strongest legacy RSA. |
| 39 | EdDSA | Edwards-curve signature (Ed25519) | COSE alg -8. Modern, efficient curve. |
| 40 | RP ID Upscope | rpId set to parent domain | app.example.com → rpId=example.com. Allows cross-subdomain credential use. |
| 41 | Platform | Request platform authenticator (Touch ID, Windows Hello) | authenticatorAttachment='platform'. Browser shows only built-in options. |
| 42 | Cross-Platform | Request roaming authenticator (security key, phone) | authenticatorAttachment='cross-platform'. Use YubiKey or cross-device flow. |
| 43 | Attestation | Request attestation statement from authenticator | attestation='direct'. Server receives authenticator make/model info (not enforced). |

Security Verifiers
These verifiers contain intentional vulnerabilities in the registration flow. Find and exploit them to unlock a reward flag!
| ID | Section | Name | Description | Hint |
|---|---|---|---|---|
| 44 | §7.1.7 | No Type Check | clientDataJSON type not verified | Set type to anything (not 'webauthn.create') → still accepted |
| 45 | §7.1.7 | Type Swap | Wrong ceremony type accepted for registration | Set type='webauthn.get' instead of 'webauthn.create' |
| 46 | §7.1.8 | No Challenge | Challenge not verified | Set arbitrary/random challenge in clientDataJSON → accepted |
| 47 | §7.1.8 | Reused Challenge | Used challenges not invalidated | Replay already-used challenge from your session → accepted again |
| 48 | §7.1.8 | Cross-Session Challenge | Challenges from other sessions accepted | Use unused challenge from another session → accepted |
| 49 | §7.1.9 | No Origin | clientDataJSON origin not verified | Set origin to attacker domain → still accepted |
| 50 | §7.1.9 | Same-Site Origin | Same-site origins (subdomains) accepted | Use subdomain/sibling domain origin → accepted (attacker.example.com → app.example.com) |
| 51 | §7.1.10 | No Cross-Origin | crossOrigin/topOrigin fields not verified | Embed in attacker iframe → crossOrigin=true, topOrigin=attacker accepted |
| 52 | §7.1.14 | No RP ID | rpIdHash not verified against expected RP ID | Use credential signed for different RP ID → still accepted |
| 53 | §7.1.14 | Same-Site RP ID | Parent domain RP IDs accepted | Use rpIdHash of parent domain (example.com for app.example.com) → accepted |
| 54 | §7.1.15 | No UP Flag | User Present flag not verified | Set UP=0 in authenticatorData → accepted without user interaction proof |
| 55 | §7.1.16 | No UV Flag | User Verified flag not checked despite UV=required | Set UV=0 in authenticatorData → accepted without biometric/PIN proof |
| 56 | §7.1.17 | No Backup Flags | BE/BS backup flags consistency not verified | Set BE=0, BS=1 (invalid combo) → still accepted |
| 57 | §7.1.20 | No Algorithm Check | Credential algorithm not verified against pubKeyCredParams | Register with PS384 (excluded from list) → still accepted |
| 58 | §7.1.25 | No Cred ID Length | Credential ID length not verified (max 1023 bytes) | Register with credential ID >1023 bytes → still accepted (DoS potential) |
| 59 | §7.1.26 | Duplicate Cred ID | Duplicate credential IDs allowed → Account Lockout | Register with victim's credential ID → your key stored. Victim authenticates → finds your key (last match) → signature fails → lockout. |
| 60 | §7.1.26 | Cred Overwrite | Credentials overwritten with new keys → Account Takeover | Register with victim's credential ID → your key replaces theirs. Authenticate with victim's cred ID + your key → logged in as victim. |
| 61 | §7.1.26 | Cross-Account Cred | Credentials stored under different user → Account Forgery | Register with victim's user.id + pubkey → victim's credential stored in your account. Use 'Discoverable (No UH)' → victim logs into your account. |