Tag
eduMFA versions prior to 2.9.1 are vulnerable to replay attacks due to a missing expiration flag in userless Passkey/WebAuthn challenges, potentially leading to unauthorized access.