WB-S-2 — Attacker submits fabricated WebAuthn assertion for registration/login
Component: Wallet Backend.

Mitigations: Challenge validated single-use (5-min TTL); attestation verified; AAGUID blacklist.

Action: None required.
| Property | Value |
|---|---|
| Section | Spoofing |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-AUTH-01 | FIDO2/WebAuthn Passwordless Authentication |
Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md