A recent vulnerability found in modern Java JDK ECDSA implementations breaks WebAuthn.
Since all Nitrokey Fido2 devices only support ECDSA, there is no alternative algorithm to switch to, and users authenticating to affected backend implementations are screwed.
Backends such as GitLab implement safe curve crypto such as ed25519 and therefore allow the use of an alternative.
As was already requested here [1], it would be good to have an alternative implementation available, as supported (though not required) by the Fido2 standard.
Other Fido2 vendors already provide such alternatives and their users can switch to those to avoid that risk.
I would like to point out that issues like CVE-2022-21449 are very much the reason why many respectable cryptographers recommend the use of safe ECC implementations: https://safecurves.cr.yp.to/
Implementing the (NSA-developed) ECDSA algorithm is required by the Fido2 standard, but Fido2 devices can default to alternatives such as ed25519, and I would think that would make sense for an open source hardware vendor such as Nitrokey.
Thank you