unit42.paloaltonetworks.com 7/2/2026, 10:32:38 PM · external

How We Added WebAuthn to a Browser-Based RDP Client

How We Added WebAuthn to a Browser-Based RDP Client
CyberSIXT Evidence Panel Source marked as original reporting

THE article discusses the development of a browser-based RDP client by Palo Alto Networks' Unit 42 team that supports WebAuthn redirection, surpassing Microsoft's own macOS, iOS, and Linux clients. It details the challenges faced in implementing the functionality due to gaps in the protocol specifications and undocumented code paths in Microsoft's Windows implementation.

The author highlights the innovative use of AI and reverse-engineering techniques to create a custom browser API that handles WebAuthn requests, allowing better integration of security keys like YubiKey. The article concludes by emphasizing the importance of detailed implementation knowledge in overcoming platform-specific challenges and announcing support from FreeRDP for the same functionalities.

View full article

Article by CyberSIXT