diff --git a/lib/srv/desktop/tdp/proto.go b/lib/srv/desktop/tdp/proto.go
index 59c00dd19bde3..3d672fa180d69 100644
--- a/lib/srv/desktop/tdp/proto.go
+++ b/lib/srv/desktop/tdp/proto.go
@@ -740,7 +740,7 @@ func DecodeMFA(in byteReader) (*MFA, error) {
 	case defaults.MFAChallenge:
 	default:
 		return nil, trace.BadParameter(
-			"got mfa type %v, expected %v (WebAuthn)", mt, defaults.MFAChallenge)
+			"got mfa type %v, expected %v (MFAChallenge)", mt, defaults.MFAChallenge)
 	}
 
 	var length uint32
@@ -783,7 +783,7 @@ func DecodeMFAChallenge(in byteReader) (*MFA, error) {
 	case defaults.MFAChallenge:
 	default:
 		return nil, trace.BadParameter(
-			"got mfa type %v, expected %v (WebAuthn)", mt, defaults.MFAChallenge)
+			"got mfa type %v, expected %v (MFAChallenge)", mt, defaults.MFAChallenge)
 	}
 
 	var length uint32
diff --git a/lib/web/mfa_codec.go b/lib/web/mfa_codec.go
index 1064efabba59c..644de26e6f270 100644
--- a/lib/web/mfa_codec.go
+++ b/lib/web/mfa_codec.go
@@ -79,7 +79,7 @@ func (tdpMFACodec) Encode(chal *client.MFAAuthenticateChallenge, envelopeType st
 	case defaults.MFAChallenge:
 	default:
 		return nil, trace.BadParameter(
-			"received envelope type %v, expected %v (WebAuthn)", envelopeType, defaults.MFAChallenge)
+			"received envelope type %v, expected %v (MFAChallenge)", envelopeType, defaults.MFAChallenge)
 	}
 
 	tdpMsg := tdp.MFA{
diff --git a/lib/web/mfajson/mfajson.go b/lib/web/mfajson/mfajson.go
index 5605f06cc36a2..70abb8ecfec32 100644
--- a/lib/web/mfajson/mfajson.go
+++ b/lib/web/mfajson/mfajson.go
@@ -49,7 +49,7 @@ func Decode(b []byte, typ string) (*authproto.MFAAuthenticateResponse, error) {
 	case resp.CredentialAssertionResponse != nil:
 		return &authproto.MFAAuthenticateResponse{
 			Response: &authproto.MFAAuthenticateResponse_Webauthn{
-				Webauthn: wantypes.CredentialAssertionResponseToProto(resp.WebauthnResponse),
+				Webauthn: wantypes.CredentialAssertionResponseToProto(resp.CredentialAssertionResponse),
 			},
 		}, nil
 	case resp.WebauthnResponse != nil: