diff --git a/protocol/metadata.go b/protocol/metadata.go
index 01af76a..1937805 100644
--- a/protocol/metadata.go
+++ b/protocol/metadata.go
@@ -36,7 +36,7 @@ func ValidateMetadata(ctx context.Context, mds metadata.Provider, aaguid uuid.UU
 return nil
 }
- if mds.GetValidateAttestationTypes(ctx) && attestationType != "" {
+ if attestationType != "" && mds.GetValidateAttestationTypes(ctx) {
 found := false
 for _, atype := range entry.MetadataStatement.AttestationTypes {
diff --git a/webauthn/login.go b/webauthn/login.go
index a474ec6..aa6b53e 100644
--- a/webauthn/login.go
+++ b/webauthn/login.go
@@ -343,7 +343,9 @@ func (webauthn *WebAuthn) validateLogin(user User, session SessionData, parsedRe
 if webauthn.Config.MDS != nil {
 var aaguid uuid.UUID
- if aaguid, err = uuid.FromBytes(credential.Authenticator.AAGUID); err != nil {
+ if len(credential.Authenticator.AAGUID) == 0 {
+ aaguid = uuid.Nil
+ } else if aaguid, err = uuid.FromBytes(credential.Authenticator.AAGUID); err != nil {
 return nil, protocol.ErrBadRequest.WithDetails("Failed to decode AAGUID").WithInfo(fmt.Sprintf("Error occurred decoding AAGUID from the credential record: %s", err)).WithError(err)
 }
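Review bot: In ValidateMetadata (protocol/metadata.go), the condition `attestationType != "" && mds.GetValidateAttestationTypes(ctx)` still skips the attestation-type check entirely when the caller passes an empty attestationType, even if the provider has attestation-type validation enabled. Swapping the operands only avoids the provider call; the fail-open path for an empty value is unchanged, and nothing visible in the hunk says it is intentional. If it is, document it above the `if`, for example `// An empty attestationType means the type is unknown for this credential; the type check is skipped rather than failed.` If it is not, the empty value should be rejected when validation is enabled. The function body starts and ends outside the hunk.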
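Review bot: In validateLogin (webauthn/login.go), the new `len(credential.Authenticator.AAGUID) == 0` branch makes a credential record with no stored AAGUID indistinguishable from an authenticator that reports the all-zero AAGUID, so the result of the metadata check now depends on how the provider treats `uuid.Nil`. The validation call itself is outside the hunk, so this is unconfirmed, but if zero AAGUIDs are permitted, records with a missing AAGUID would presumably pass MDS validation without matching any metadata entry. Please state the intent in a comment on the branch, for example `// No AAGUID stored with the credential: use the zero AAGUID and let the metadata provider's policy decide.`, and add a test for an empty AAGUID with MDS configured. The function body continues outside the hunk.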