How We Added WebAuthn to a Browser-Based RDP Client
AI Summary
This article details a research effort to implement WebAuthn redirection in a browser-based RDP client, reverse-engineering Microsoft's undocumented internal handling of WebAuthn in Windows. The research uncovered that Microsoft's mstsc.exe uses an undocumented internal plugin path in webauthn.dll to process hash-only WebAuthn requests from older Windows servers, while public APIs require full clientDataJSON. The work enabled the first non-Windows implementation of WebAuthn redirection in an RDP client, predating FreeRDP's support. The findings highlight critical gaps in Microsoft's documentation and the complexity of cross-platform WebAuthn implementation in RDP environments.
AI-extracted · verify before operational use
No entities or IoCs were extracted from this article.