A Vulnerability in OAuth Exposed Social Media Logins to Account Takeover


As reported by security researchers, a newly disclosed OAuth-related vulnerability in an open-source application development framework could expose Facebook, Google, Apple, and Twitter users to account takeover, personal data leakage, identity theft, financial fraud, and unauthorized actions on other online platforms.
The vulnerability was found in the Expo framework, which numerous web businesses use to implement the OAuth authentication protocol. It has been assigned CVE-2023-28131 and lies in the software's social login capability.

The vulnerability allows a bad actor to perform actions on behalf of the compromised accounts on the affected online platforms. According to Salt Security's API Security Report, users witnessed a 117% rise in API attack traffic in 2016.

OAuth is a standard protocol that lets a user authorize one website or application to access private resources held by another without exposing their login credentials. The flow involves several steps, and mistakes in implementing it can introduce security risks. Researchers from Salt Labs revealed that by altering some phases of the OAuth procedure on the Expo site, they could take control of other users' accounts and steal sensitive information such as credit card details, private messages, and health records – as well as perform operations online on behalf of other users.
The Expo framework is an open-source platform for developing mobile an

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
