AUTH-FIDO2-ATTESTDefense Evasion

FIDO2 Attestation Downgrade

RP accepts 'none' attestation — virtual authenticators with attacker-chosen credIDs are accepted as real hardware keys.

§ Where this technique fits

AUTH-FIDO2-ATTEST is catalogued under the Defense Evasion tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.