On the 3rd of September, Yubico announced YSA-2024-03, a vulnerability in the infineon cryptograhpic library which may allow private key extraction to be performed. As is tradition, arm chair experts and thought leaders everywhere rushed to have hot takes on the situation, without adequately understanding the way that the attack works and how it fits into Webauthn on a technical level. TL;DR - Do I Need To Worry No. This attack while cool as heck, is not a risk to the majority of yubikey user...
