cve/2023/CVE-2023-28131.md

### [CVE-2023-28131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28131)
![](https://img.shields.io/static/v1?label=Product&message=Expo%20AuthSession%20module&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=The%20use%20of%20AuthSession%20modules%E2%80%99s%20useProxy%20in%20Expo%20below%20SDK%2048%20may%20allow%20OAuth%20hijacking%2C%20which%20leads%20to%20credentials%20theft%20and%20Account%20Takeover.&color=brighgreen)

### Description

A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).

### POC

#### Reference
- https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps
- https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-28131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28131)`
			`![](https://img.shields.io/static/v1?label=Product&message=Expo%20AuthSession%20module&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=The%20use%20of%20AuthSession%20modules%E2%80%99s%20useProxy%20in%20Expo%20below%20SDK%2048%20may%20allow%20OAuth%20hijacking%2C%20which%20leads%20to%20credentials%20theft%20and%20Account%20Takeover.&color=brighgreen)`

			`### Description`

			`A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).`

			`### POC`

			`#### Reference`
			`- https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`#### Github`
			`No PoCs found on GitHub currently.`