tsh crashes on Windows when attempting to add a WebAuthn MFA device

[bl-nero]

Expected behavior:

tsh mfa add should let me confirm my identity before adding a new device.

Current behavior:

tsh crashes when attempting to show the WebAuthn dialog. Reproducible 2 of 5 times on Windows; unable to reproduce on v17.4.10 on the same machine with the same configuration.

Bug details:

• Teleport version: 18.0.0-alpha.1 (Windows 11 Home 23H2).
• Recreation steps:

1. Sign into a remote cluster.
2. Use tsh mfa add.
3. Use webauthn for the device type.
4. Enter device name.
5. Answer "yes" to the question about passwordless.

Right after I gave the last answer, tsh decided (correctly) to use webauthn identity confirmation method and then (sometimes) immediately crashed without giving me a chance to confirm my identity.

The user I was working with had multiple MFAs configured (OTP, at least one Ubikey, TouchID), though I don't know if it's relevant. I was also unable to reproduce the issue with --mfa-mode explicitly specified. That machine has an AMD TPM. Windows Hello doesn't support fingerprints or face recognition; it was configured using a PIN. There were no USB authentication keys attached to the computer.

• Debug logs: error.txt

[gzdunek]

I just had the same problem in Connect when trying to log in with WebAuthn (the error in tshd was identical).

There was a similar issue in the past #31333.