A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the Expo AuthSession Redirect Proxy for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).
Weakness
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Expo_software_development_kit | Expo | 45.0.0 (including) | 48.0.0 (excluding) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/102.html
- https://cwe.mitre.org/data/definitions/474.html
- https://cwe.mitre.org/data/definitions/50.html
- https://cwe.mitre.org/data/definitions/509.html
- https://cwe.mitre.org/data/definitions/551.html
- https://cwe.mitre.org/data/definitions/555.html
- https://cwe.mitre.org/data/definitions/560.html
- https://cwe.mitre.org/data/definitions/561.html
- https://cwe.mitre.org/data/definitions/600.html
- https://cwe.mitre.org/data/definitions/644.html
- https://cwe.mitre.org/data/definitions/645.html
- https://cwe.mitre.org/data/definitions/652.html
- https://cwe.mitre.org/data/definitions/653.html
References
- https://blog.expo.dev/security-advisory-for-developers-using-authsessions-useproxy-options-and-auth-expo-io-e470fe9346df
- https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps
- https://blog.expo.dev/security-advisory-for-developers-using-authsessions-useproxy-options-and-auth-expo-io-e470fe9346df
- https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps