bitwarden · ike-kottlowski · Apr 10, 2026 · Apr 10, 2026 · Apr 10, 2026 · Apr 10, 2026
@@ -74,6 +74,7 @@ private static void AddWebAuthnLoginCommands(this IServiceCollection services)
         services.AddScoped<ICreateWebAuthnLoginCredentialCommand, CreateWebAuthnLoginCredentialCommand>();
         services.AddScoped<IGetWebAuthnLoginCredentialAssertionOptionsCommand, GetWebAuthnLoginCredentialAssertionOptionsCommand>();
         services.AddScoped<IAssertWebAuthnLoginCredentialCommand, AssertWebAuthnLoginCredentialCommand>();
+        services.AddScoped<IWebAuthnChallengeCacheProvider, WebAuthnChallengeCacheProvider>();
     }
 
     private static void AddTwoFactorCommandsQueries(this IServiceCollection services)

@@ -0,0 +1,17 @@
+namespace Bit.Core.Auth.UserFeatures.WebAuthnLogin;
+
+/// <summary>
+/// Enforces single-use semantics for WebAuthn assertion challenges per the W3C WebAuthn
+/// specification (§13.4.3). Tracks used challenges so that each challenge can only be
+/// validated once.
+/// </summary>
+public interface IWebAuthnChallengeCacheProvider
+{
+    /// <summary>
+    /// Attempts to mark a challenge as used. Returns <c>true</c> if this is the first use
+    /// (challenge was not in cache and has now been saved). Returns <c>false</c> if the
+    /// challenge was already marked as used (found in cache).
+    /// </summary>
+    /// <param name="challenge">The challenge bytes from <see cref="Fido2NetLib.AssertionOptions.Challenge"/>.</param>
+    Task<bool> TryMarkChallengeAsUsedAsync(byte[] challenge);
+}
@@ -14,16 +14,27 @@ internal class AssertWebAuthnLoginCredentialCommand : IAssertWebAuthnLoginCreden
     private readonly IFido2 _fido2;
     private readonly IWebAuthnCredentialRepository _webAuthnCredentialRepository;
     private readonly IUserRepository _userRepository;
+    private readonly IWebAuthnChallengeCacheProvider _webAuthnChallengeCache;
 
-    public AssertWebAuthnLoginCredentialCommand(IFido2 fido2, IWebAuthnCredentialRepository webAuthnCredentialRepository, IUserRepository userRepository)
+    public AssertWebAuthnLoginCredentialCommand(
+        IFido2 fido2,
+        IWebAuthnCredentialRepository webAuthnCredentialRepository,
+        IUserRepository userRepository,
+        IWebAuthnChallengeCacheProvider webAuthnChallengeCache)
     {
         _fido2 = fido2;
         _webAuthnCredentialRepository = webAuthnCredentialRepository;
         _userRepository = userRepository;
+        _webAuthnChallengeCache = webAuthnChallengeCache;
     }
 
     public async Task<(User, WebAuthnCredential)> AssertWebAuthnLoginCredential(AssertionOptions options, AuthenticatorAssertionRawResponse assertionResponse)
     {
+        if (!await _webAuthnChallengeCache.TryMarkChallengeAsUsedAsync(options.Challenge))
+        {
+            throw new BadRequestException("Invalid credential.");
+        }
+
         if (!GuidUtilities.TryParseBytes(assertionResponse.Response.UserHandle, out var userId))
         {
             throw new BadRequestException("Invalid credential.");

@@ -1,4 +1,4 @@
-using Fido2NetLib;
+using Fido2NetLib;
 using Fido2NetLib.Objects;
 
 namespace Bit.Core.Auth.UserFeatures.WebAuthnLogin.Implementations;

@@ -0,0 +1,33 @@
+using Bit.Core.Utilities;
+using Microsoft.Extensions.Caching.Distributed;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Bit.Core.Auth.UserFeatures.WebAuthnLogin.Implementations;
+
+internal class WebAuthnChallengeCacheProvider(
+    [FromKeyedServices("persistent")] IDistributedCache distributedCache) : IWebAuthnChallengeCacheProvider
+{
+    private const string _cacheKeyPrefix = "WebAuthnLoginAssertion_";
+    private static readonly DistributedCacheEntryOptions _cacheOptions = new()
+    {
+        AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(17)
+    };
+
+    private readonly IDistributedCache _distributedCache = distributedCache;
+
+    public async Task<bool> TryMarkChallengeAsUsedAsync(byte[] challenge)
+    {
+        var cacheKey = BuildCacheKey(challenge);
+        var cached = await _distributedCache.GetAsync(cacheKey);
+        if (cached != null)
+        {
+            return false;
+        }
+
+        await _distributedCache.SetAsync(cacheKey, [1], _cacheOptions);
+        return true;
+    }
+
+    private static string BuildCacheKey(byte[] challenge)
+        => $"{_cacheKeyPrefix}{CoreHelpers.Base64UrlEncode(challenge)}";
+}
@@ -1,4 +1,5 @@
-using System.Text;
+using System.Globalization;
+using System.Text;
 using Bit.Core;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Api.Request.Accounts;
@@ -266,7 +267,7 @@ private UserKdfInformation GetDefaultKdf(string email)
         // Convert the hash to a number
         var hashHex = BitConverter.ToString(hmacHash).Replace("-", string.Empty).ToLowerInvariant();
         var hashFirst8Bytes = hashHex.Substring(0, 16);
-        var hashNumber = long.Parse(hashFirst8Bytes, System.Globalization.NumberStyles.HexNumber);
+        var hashNumber = long.Parse(hashFirst8Bytes, NumberStyles.HexNumber, CultureInfo.InvariantCulture);
         // Find the default KDF value for this hash number
         var hashIndex = (int)(Math.Abs(hashNumber) % _defaultKdfResults.Count);
         return _defaultKdfResults[hashIndex];

@@ -1,7 +1,4 @@
-// FIXME: Update this file to be null safe and then delete the line below
-#nullable disable
-
-using System.Security.Claims;
+using System.Security.Claims;
 using System.Text.Json;
 using Bit.Core;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
@@ -98,7 +95,7 @@ public async Task ValidateAsync(ExtensionGrantValidationContext context)
             token.TokenIsValid(WebAuthnLoginAssertionOptionsScope.Authentication);
         var deviceResponse = JsonSerializer.Deserialize<AuthenticatorAssertionRawResponse>(rawDeviceResponse);
 
-        if (!verified)
+        if (!verified || deviceResponse == null)
         {
             context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest);
             return;

@@ -162,11 +162,16 @@ public async Task AssertionOptions_UserVerificationFailed_ThrowsBadRequestExcept
     }
 
     [Theory, BitAutoData]
-    public async Task AssertionOptions_UserVerificationSuccess_ReturnsAssertionOptions(SecretVerificationRequestModel requestModel, User user, SutProvider<WebAuthnController> sutProvider)
+    public async Task AssertionOptions_UserVerificationSuccess_ReturnsAssertionOptions(
+        SecretVerificationRequestModel requestModel, User user, AssertionOptions assertionOptions,
+        SutProvider<WebAuthnController> sutProvider)
     {
         // Arrange
         sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(user);
         sutProvider.GetDependency<IUserService>().VerifySecretAsync(user, requestModel.Secret).Returns(true);
+        sutProvider.GetDependency<IGetWebAuthnLoginCredentialAssertionOptionsCommand>()
+            .GetWebAuthnLoginCredentialAssertionOptions()
+            .Returns(assertionOptions);
         sutProvider.GetDependency<IDataProtectorTokenFactory<WebAuthnLoginAssertionOptionsTokenable>>()
             .Protect(Arg.Any<WebAuthnLoginAssertionOptionsTokenable>()).Returns("token");
 
@@ -177,6 +182,7 @@ public async Task AssertionOptions_UserVerificationSuccess_ReturnsAssertionOptio
         Assert.NotNull(result);
         Assert.IsType<WebAuthnLoginAssertionOptionsResponseModel>(result);
     }
+
     #endregion
 
     [Theory, BitAutoData]
@@ -467,7 +473,6 @@ public async Task Put_UpdateCredential_Success(User user, WebAuthnCredential cre
         sutProvider.GetDependency<IDataProtectorTokenFactory<WebAuthnLoginAssertionOptionsTokenable>>()
             .Unprotect(requestModel.Token)
             .Returns(token);
-
         sutProvider.GetDependency<IAssertWebAuthnLoginCredentialCommand>()
             .AssertWebAuthnLoginCredential(assertionOptions, requestModel.DeviceResponse)
             .Returns((user, credential));

@@ -1,6 +1,7 @@
 using System.Text;
 using Bit.Core.Auth.Entities;
 using Bit.Core.Auth.Repositories;
+using Bit.Core.Auth.UserFeatures.WebAuthnLogin;
 using Bit.Core.Auth.UserFeatures.WebAuthnLogin.Implementations;
 using Bit.Core.Entities;
 using Bit.Core.Exceptions;
@@ -19,10 +20,27 @@ namespace Bit.Core.Test.Auth.UserFeatures.WebAuthnLogin;
 [SutProviderCustomize]
 public class AssertWebAuthnLoginCredentialCommandTests
 {
+    [Theory, BitAutoData]
+    internal async Task ChallengeNotConsumed_ThrowsBadRequestException(SutProvider<AssertWebAuthnLoginCredentialCommand> sutProvider, AssertionOptions options, AuthenticatorAssertionRawResponse response)
+    {
+        // Arrange
+        sutProvider.GetDependency<IWebAuthnChallengeCacheProvider>()
+            .TryMarkChallengeAsUsedAsync(options.Challenge)
+            .Returns(false);
+
+        // Act
+        var result = async () => await sutProvider.Sut.AssertWebAuthnLoginCredential(options, response);
+
+        // Assert
+        await Assert.ThrowsAsync<BadRequestException>(result);
+    }
+
     [Theory, BitAutoData]
     internal async Task InvalidUserHandle_ThrowsBadRequestException(SutProvider<AssertWebAuthnLoginCredentialCommand> sutProvider, AssertionOptions options, AuthenticatorAssertionRawResponse response)
     {
         // Arrange
+        sutProvider.GetDependency<IWebAuthnChallengeCacheProvider>()
+            .TryMarkChallengeAsUsedAsync(options.Challenge).Returns(true);
         response.Response.UserHandle = Encoding.UTF8.GetBytes("invalid-user-handle");
 
         // Act
@@ -36,6 +54,8 @@ internal async Task InvalidUserHandle_ThrowsBadRequestException(SutProvider<Asse
     internal async Task UserNotFound_ThrowsBadRequestException(SutProvider<AssertWebAuthnLoginCredentialCommand> sutProvider, User user, AssertionOptions options, AuthenticatorAssertionRawResponse response)
     {
         // Arrange
+        sutProvider.GetDependency<IWebAuthnChallengeCacheProvider>()
+            .TryMarkChallengeAsUsedAsync(options.Challenge).Returns(true);
         response.Response.UserHandle = user.Id.ToByteArray();
         sutProvider.GetDependency<IUserRepository>().GetByIdAsync(user.Id).ReturnsNull();
 
@@ -50,6 +70,8 @@ internal async Task UserNotFound_ThrowsBadRequestException(SutProvider<AssertWeb
     internal async Task NoMatchingCredentialExists_ThrowsBadRequestException(SutProvider<AssertWebAuthnLoginCredentialCommand> sutProvider, User user, AssertionOptions options, AuthenticatorAssertionRawResponse response)
     {
         // Arrange
+        sutProvider.GetDependency<IWebAuthnChallengeCacheProvider>()
+            .TryMarkChallengeAsUsedAsync(options.Challenge).Returns(true);
         response.Response.UserHandle = user.Id.ToByteArray();
         sutProvider.GetDependency<IUserRepository>().GetByIdAsync(user.Id).Returns(user);
         sutProvider.GetDependency<IWebAuthnCredentialRepository>().GetManyByUserIdAsync(user.Id).Returns(new WebAuthnCredential[] { });
@@ -65,6 +87,8 @@ internal async Task NoMatchingCredentialExists_ThrowsBadRequestException(SutProv
     internal async Task AssertionFails_ThrowsBadRequestException(SutProvider<AssertWebAuthnLoginCredentialCommand> sutProvider, User user, AssertionOptions options, AuthenticatorAssertionRawResponse response, WebAuthnCredential credential, AssertionVerificationResult assertionResult)
     {
         // Arrange
+        sutProvider.GetDependency<IWebAuthnChallengeCacheProvider>()
+            .TryMarkChallengeAsUsedAsync(options.Challenge).Returns(true);
         var credentialId = Guid.NewGuid().ToByteArray();
         credential.CredentialId = CoreHelpers.Base64UrlEncode(credentialId);
         response.Id = credentialId;
@@ -86,6 +110,8 @@ internal async Task AssertionFails_ThrowsBadRequestException(SutProvider<AssertW
     internal async Task AssertionSucceeds_ReturnsUserAndCredential(SutProvider<AssertWebAuthnLoginCredentialCommand> sutProvider, User user, AssertionOptions options, AuthenticatorAssertionRawResponse response, WebAuthnCredential credential, AssertionVerificationResult assertionResult)
     {
         // Arrange
+        sutProvider.GetDependency<IWebAuthnChallengeCacheProvider>()
+            .TryMarkChallengeAsUsedAsync(options.Challenge).Returns(true);
         var credentialId = Guid.NewGuid().ToByteArray();
         credential.CredentialId = CoreHelpers.Base64UrlEncode(credentialId);
         response.Id = credentialId;

@@ -0,0 +1,66 @@
+using Bit.Core.Auth.UserFeatures.WebAuthnLogin.Implementations;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Microsoft.Extensions.Caching.Distributed;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.Auth.UserFeatures.WebAuthnLogin;
+
+[SutProviderCustomize]
+public class WebAuthnChallengeCacheProviderTests
+{
+    [Theory, BitAutoData]
+    internal async Task TryMarkChallengeAsUsedAsync_FirstUse_SavesAndReturnsTrue(
+        SutProvider<WebAuthnChallengeCacheProvider> sutProvider)
+    {
+        // Arrange
+        var challenge = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
+        var expectedKey = $"WebAuthnLoginAssertion_{CoreHelpers.Base64UrlEncode(challenge)}";
+
+        sutProvider.GetDependency<IDistributedCache>()
+            .GetAsync(expectedKey, Arg.Any<CancellationToken>())
+            .Returns((byte[])null);
+
+        // Act
+        var result = await sutProvider.Sut.TryMarkChallengeAsUsedAsync(challenge);
+
+        // Assert
+        Assert.True(result);
+        await sutProvider.GetDependency<IDistributedCache>()
+            .Received(1)
+            .SetAsync(
+                expectedKey,
+                Arg.Is<byte[]>(b => b.Length == 1 && b[0] == 1),
+                Arg.Is<DistributedCacheEntryOptions>(o =>
+                    o.AbsoluteExpirationRelativeToNow == TimeSpan.FromMinutes(17)),
+                Arg.Any<CancellationToken>());
+    }
+
+    [Theory, BitAutoData]
+    internal async Task TryMarkChallengeAsUsedAsync_AlreadyUsed_ReturnsFalseAndDoesNotSave(
+        SutProvider<WebAuthnChallengeCacheProvider> sutProvider)
+    {
+        // Arrange
+        var challenge = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
+        var expectedKey = $"WebAuthnLoginAssertion_{CoreHelpers.Base64UrlEncode(challenge)}";
+
+        sutProvider.GetDependency<IDistributedCache>()
+            .GetAsync(expectedKey, Arg.Any<CancellationToken>())
+            .Returns(new byte[] { 1 });
+
+        // Act
+        var result = await sutProvider.Sut.TryMarkChallengeAsUsedAsync(challenge);
+
+        // Assert
+        Assert.False(result);
+        await sutProvider.GetDependency<IDistributedCache>()
+            .DidNotReceive()
+            .SetAsync(
+                Arg.Any<string>(),
+                Arg.Any<byte[]>(),
+                Arg.Any<DistributedCacheEntryOptions>(),
+                Arg.Any<CancellationToken>());
+    }
+}
@@ -1088,4 +1088,5 @@ private int GetExpectedKdfIndex(string email, byte[] defaultKey, List<UserKdfInf
         var hashNumber = long.Parse(hashFirst8Bytes, System.Globalization.NumberStyles.HexNumber);
         return (int)(Math.Abs(hashNumber) % defaultKdfResults.Count);
     }
+
 }
-Original file line number
+Diff line change
@@ Expand Up @@
             var hashNumber = long.Parse(hashFirst8Bytes, System.Globalization.NumberStyles.HexNumber);
             return (int)(Math.Abs(hashNumber) % defaultKdfResults.Count);
         }
     }