Interface MaliciousCounterValueHandler


public interface MaliciousCounterValueHandler
Strategy interface for handling a malicious counter value detected during authentication.

The WebAuthn specification requires that the signature counter value in an authenticator increases after each authentication operation. If a counter value is detected that is less than or equal to the previously registered counter value, it may indicate that the authenticator has been cloned or that a replay attack is being attempted.

Implementations of this interface define the strategy for handling such suspicious counter values: throwing an exception, logging a warning, or taking other mitigating actions.

  • Method Summary

    Modifier and Type | Method | Description
    void | maliciousCounterValueDetected(@NotNull AuthenticationObject authenticationObject) | Handles a detected malicious counter value during authentication.
  • Method Details

    • maliciousCounterValueDetected

      void maliciousCounterValueDetected(@NotNull AuthenticationObject authenticationObject)
      Handles a detected malicious counter value during authentication.

      This method is called when the authenticator's counter value is less than or equal to the previously registered counter value, which may indicate a cloned authenticator or replay attack.

      Parameters:
      authenticationObject - the authentication object containing the detected malicious counter value
      Throws:
      MaliciousCounterValueException - if the default implementation is used
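
A sketch of one such strategy, added here as an illustration and not taken from the WebAuthn4J code base: the handler writes an audit record, asks the application to suspend the credential, and then rejects the authentication. It assumes the `com.webauthn4j.verifier` package names of recent releases; `AuditingCounterValueHandler` and the `credentialSuspender` hook are hypothetical names.

```java
import com.webauthn4j.verifier.AuthenticationObject;
import com.webauthn4j.verifier.MaliciousCounterValueHandler;
import com.webauthn4j.verifier.exception.MaliciousCounterValueException;

import java.util.Base64;
import java.util.Objects;
import java.util.function.Consumer;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical handler: audit, suspend the credential, then fail closed.
public final class AuditingCounterValueHandler implements MaliciousCounterValueHandler {

    private static final Logger LOG =
            Logger.getLogger(AuditingCounterValueHandler.class.getName());

    // Assumed application hook, e.g. marks the credential as suspended in the credential store.
    private final Consumer<byte[]> credentialSuspender;

    public AuditingCounterValueHandler(Consumer<byte[]> credentialSuspender) {
        this.credentialSuspender = Objects.requireNonNull(credentialSuspender);
    }

    @Override
    public void maliciousCounterValueDetected(AuthenticationObject authenticationObject) {
        byte[] credentialId = authenticationObject.getCredentialId();
        long reported = authenticationObject.getAuthenticatorData().getSignCount();
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(credentialId);

        // Log the credential and the counter the authenticator reported so the
        // event can be correlated with earlier successful logins.
        LOG.warning(() -> "WebAuthn signature counter did not increase: credentialId="
                + id + " reportedSignCount=" + reported);

        try {
            credentialSuspender.accept(credentialId);
        } catch (RuntimeException e) {
            // A failing hook must not turn a rejection into an accepted login.
            LOG.log(Level.SEVERE, "Could not suspend credential " + id, e);
        }

        // Fail closed: the caller sees the same exception type the method documents.
        throw new MaliciousCounterValueException(
                "Signature counter did not increase for credential " + id);
    }
}
```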