CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Synced Passkeys Vulnerable to Enterprise Attacks

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Synced passkeys, which are credentials stored in an authenticator and synced across devices through cloud services, pose significant security risks for enterprises. These risks include cloud account takeovers, authentication downgrade attacks, and browser-based security vulnerabilities. Device-bound passkeys in hardware security keys offer higher assurance and better administrative control, and should be mandatory for enterprise access use cases. Synced passkeys shift the trust boundary to cloud accounts and recovery workflows, expanding the attack surface. Adversaries can exploit these vulnerabilities to gain unauthorized access to enterprise systems. Organizations should prioritize device-bound passkeys to enhance security.

Timeline

  1. 15.10.2025 14:30 1 articles · 23h ago

    Synced Passkeys Vulnerable to Enterprise Attacks

    Synced passkeys, which are credentials stored in an authenticator and synced across devices through cloud services, pose significant security risks for enterprises. These risks include cloud account takeovers, authentication downgrade attacks, and browser-based security vulnerabilities. Adversaries can exploit these vulnerabilities to gain unauthorized access to enterprise systems. Organizations should prioritize device-bound passkeys to enhance security.

    Show sources
    Open in new tab

Information Snippets

  • Synced passkeys are credentials stored in an authenticator and synced across devices through cloud services like iCloud and Google Cloud.

    First reported: 15.10.2025 14:30
    1 source, 1 article
    Show sources

  • Synced passkeys shift the trust boundary to cloud accounts and recovery workflows, expanding the attack surface.

    First reported: 15.10.2025 14:30
    1 source, 1 article
    Show sources

  • Adversary-in-the-middle (AiTM) kits can force authentication fallbacks, circumventing strong authentication.

    First reported: 15.10.2025 14:30
    1 source, 1 article
    Show sources

  • Malicious or compromised browser extensions can hijack WebAuthn requests, manipulate passkey registration or sign-in, and drive autofill to leak credentials and one-time codes.

    First reported: 15.10.2025 14:30
    1 source, 1 article
    Show sources

  • Device-bound passkeys in hardware security keys offer higher assurance and better administrative control than synced passkeys.

    First reported: 15.10.2025 14:30
    1 source, 1 article
    Show sources

  • Proofpoint researchers documented a practical downgrade attack against Microsoft Entra ID, where a phishing proxy spoofs an unsupported browser, disabling passkeys and guiding users to select weaker authentication methods.

    First reported: 15.10.2025 14:30
    1 source, 1 article
    Show sources

  • SquareX researchers showed that a compromised browser environment can hijack WebAuthn calls and manipulate passkey registration or sign-in.

    First reported: 15.10.2025 14:30
    1 source, 1 article
    Show sources

  • Chrome's webAuthenticationProxy API can intercept navigator.credentials.create() and navigator.credentials.get() methods, allowing extensions to sit in the WebAuthn path.

    First reported: 15.10.2025 14:30
    1 source, 1 article
    Show sources

  • Independent research presented at DEF CON described DOM-based extension clickjacking that targets the UI elements injected by password manager extensions, potentially exploiting passkey authentication.

    First reported: 15.10.2025 14:30
    1 source, 1 article
    Show sources