Browsing tag

OAuth

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered services using the framework susceptible to credential leakage, which […]

PayPal Fixes OAuth Token Leaking Vulnerability

PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application. The vulnerability was publicly disclosed on Monday by Antonio Sanso, a senior software engineer at Adobe, after he came across the issue while testing his own OAuth client. For its part, PayPal remedied the vulnerability about […]

This Simple Hack Can Hijack More Than 1 Billion Android App Accounts

Short Bytes: Three researchers from the Chinese University of Hong Kong have scanned multiple Google apps on the US and Chinese app stores and found a serious vulnerability. This flaw resides in the way OAuth 2.0 is implemented in these apps. Due to faulty practices, a hacker can remotely exploit a victim’s app and access the personal […]