diff --git a/.github/workflows/crypto_test.yml b/.github/workflows/crypto_test.yml
index 1740280..50fdf88 100644
--- a/.github/workflows/crypto_test.yml
+++ b/.github/workflows/crypto_test.yml
@@ -27,7 +27,7 @@ jobs:
       - name: Set up OpenSK
         run: ./setup.sh
 
-      - run: echo "::set-env name=RUSTFLAGS::-C target-feature=+aes"
+      - run: echo "RUSTFLAGS=-C target-feature=+aes" >> $GITHUB_ENV
 
       - name: Unit testing of crypto library (release mode)
         uses: actions-rs/cargo@v1
diff --git a/src/ctap/hid/mod.rs b/src/ctap/hid/mod.rs
index 3a96699..a6a18f7 100644
--- a/src/ctap/hid/mod.rs
+++ b/src/ctap/hid/mod.rs
@@ -298,7 +298,9 @@ impl CtapHid {
                 HidPacketIterator::none()
             }
             Err((cid, error)) => {
-                if !self.is_allocated_channel(cid) {
+                if !self.is_allocated_channel(cid)
+                    && error != receive::Error::UnexpectedContinuation
+                {
                     CtapHid::error_message(cid, CtapHid::ERR_INVALID_CHANNEL)
                 } else {
                     match error {
@@ -514,6 +516,27 @@ mod test {
         }
     }
 
+    #[test]
+    fn test_spurious_continuation_packet() {
+        let mut rng = ThreadRng256 {};
+        let user_immediately_present = |_| Ok(());
+        let mut ctap_state = CtapState::new(&mut rng, user_immediately_present);
+        let mut ctap_hid = CtapHid::new();
+
+        let mut packet = [0x00; 64];
+        packet[0..7].copy_from_slice(&[0xC1, 0xC1, 0xC1, 0xC1, 0x00, 0x51, 0x51]);
+        let mut assembler_reply = MessageAssembler::new();
+        for pkt_reply in ctap_hid.process_hid_packet(&packet, DUMMY_CLOCK_VALUE, &mut ctap_state) {
+            // Continuation packets are silently ignored.
+            assert_eq!(
+                assembler_reply
+                    .parse_packet(&pkt_reply, DUMMY_TIMESTAMP)
+                    .unwrap(),
+                None
+            );
+        }
+    }
+
     #[test]
     fn test_command_init() {
         let mut rng = ThreadRng256 {};
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 1a98ce5..66ef234 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -392,12 +392,16 @@ where
         let has_extension_output = use_hmac_extension || cred_protect_policy.is_some();
 
         let rp_id = rp.rp_id;
+        let rp_id_hash = Sha256::hash(rp_id.as_bytes());
         if let Some(exclude_list) = exclude_list {
             for cred_desc in exclude_list {
                 if self
                     .persistent_store
                     .find_credential(&rp_id, &cred_desc.key_id, pin_uv_auth_param.is_none())?
                     .is_some()
+                    || self
+                        .decrypt_credential_source(cred_desc.key_id, &rp_id_hash)?
+                        .is_some()
                 {
                     // Perform this check, so bad actors can't brute force exclude_list
                     // without user interaction.
@@ -446,7 +450,6 @@ where
         let sk = crypto::ecdsa::SecKey::gensk(self.rng);
         let pk = sk.genpk();
 
-        let rp_id_hash = Sha256::hash(rp_id.as_bytes());
         let credential_id = if options.rk {
             let random_id = self.rng.gen_uniform_u8x32().to_vec();
             let credential_source = PublicKeyCredentialSource {