Summary: A critical security vulnerability has been identified in the Better Auth library, allowing attackers to bypass security protections and redirect users to malicious sites. This issue stems from improper validation of callback URLs and weak regex patterns in the trustedOrigins feature, leading to potential account takeovers. Users are urged to update to version 1.1.21 to safeguard against these risks.
Affected: Better Auth library
Keypoints:
- A vulnerability in the trustedOrigins feature permits open redirect attacks.
- Attackers can exploit this to steal password reset tokens from victims.
- Better Auth has released version 1.1.21 to fix the issue, and users must update promptly.
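
The contrast between a pattern match on the raw callback string and a parsed-origin comparison, as an added example that is not Better Auth's code. The names `TRUSTED_ORIGINS`, `looseCheck` and `isTrustedCallback`, the pattern, and the example.com/.test hosts are assumptions constructed for illustration.

```javascript
// Added example, not taken from Better Auth. All names and hosts are constructed.
const TRUSTED_ORIGINS = new Set(["https://app.example.com"]);
const BASE_URL = "https://app.example.com";

// Weak form: an unanchored pattern tested against the raw string. It only
// proves the trusted origin appears somewhere in the value.
function looseCheck(callbackURL) {
  return /https:\/\/app\.example\.com/.test(callbackURL);
}

// Hardened form: parse first, then compare the exact origin
// (scheme + host + port) against an allowlist.
function isTrustedCallback(callbackURL, baseURL = BASE_URL) {
  if (typeof callbackURL !== "string" || callbackURL.length === 0) return false;
  // URL parsers silently strip tabs/newlines and treat "\" as "/" for
  // http(s); reject such input instead of letting it be normalised.
  if (/[\u0000-\u001f\u007f\\]/.test(callbackURL)) return false;
  let url;
  try {
    // Relative values such as "/dashboard" resolve against our own base.
    url = new URL(callbackURL, baseURL);
  } catch {
    return false;
  }
  if (url.protocol !== "https:") return false;       // no javascript:, data:, http:
  if (url.username || url.password) return false;    // no userinfo before the host
  return TRUSTED_ORIGINS.has(url.origin);
}

// Constructed sample callback values for a regression test.
const SAMPLES = [
  "/dashboard",
  "https://app.example.com/reset?step=2",
  "https://app.example.com.other.test/reset",
  "https://other.test/?next=https://app.example.com",
  "//other.test/reset",
  "https://app.example.com@other.test/reset",
];

// Returns the samples the hardened check accepts.
function acceptedSamples() {
  return SAMPLES.filter((s) => isTrustedCallback(s));
}
```

Run the same sample list through whatever check guards redirects after the upgrade to 1.1.21; only same-origin values should pass.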
Source: https://securityonline.info/account-takeover-vulnerability-found-in-better-auth-library/