Two researchers analyzed Better-Auth's origin-check vulnerability, detailing open redirect risks and a patch that followed disclosures. The write-up traces how trustedOrigins validation could still be bypassed and notes a subsequent patch and vulnerability reporting by multiple researchers.
#Better-Auth #OpenRedirect #trustedOrigins #OpenRedirectVulnerability #PatchDeployment
Key points
- Better-auth is an open-source TypeScript library that handles multiple authentication flows.
- Origin-check middleware validates URLs against trustedOrigins to prevent open redirects.
- Initial bypasses exploited a logic condition combining startsWith("/") with URL pattern checks and lacked protection for certain URL forms.
- Researchers demonstrated bypass scenarios including //attacker.com and wildcard patterns, prompting patches.
- A patch tightened checks by excluding URLs starting with // and added safeguards against wildcard-based exploits.
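The startsWith("/") problem from the key points, shown as an added example that is not Better-Auth's code: a check that trusts any leading slash, next to one that resolves the target the way a browser would and compares the resulting origin. The function names, `APP_ORIGIN` and the allow-list values are constructed for illustration, and wildcard patterns are not covered.

```javascript
// Added example, not Better-Auth source. All names and origins are constructed.
const APP_ORIGIN = "https://app.example";        // assumed origin of the application
const TRUSTED_ORIGINS = ["https://app.example"]; // constructed allow-list, exact origins only

// Weak pattern: a leading "/" is taken to mean "same-site relative path".
function weakIsAllowed(target) {
  if (target.startsWith("/")) return true; // "//host" also starts with "/"
  try {
    return TRUSTED_ORIGINS.includes(new URL(target).origin);
  } catch {
    return false; // not an absolute URL
  }
}

// Hardened pattern: resolve against the app origin first, then compare origins.
// A protocol-relative target resolves to its own host, so it fails the comparison.
function strictIsAllowed(target) {
  if (typeof target !== "string" || target.length === 0) return false;
  let resolved;
  try {
    resolved = new URL(target, APP_ORIGIN);
  } catch {
    return false;
  }
  // Only web schemes are acceptable redirect targets.
  if (resolved.protocol !== "https:" && resolved.protocol !== "http:") return false;
  return TRUSTED_ORIGINS.includes(resolved.origin);
}

// Constructed sample targets, including the //attacker.com form named above.
const SAMPLES = [
  "/dashboard",
  "//attacker.com",
  "https://app.example/settings",
  "https://attacker.com/",
];

// Run both checks over a list of targets and return the verdicts side by side.
function compare(targets) {
  return targets.map((t) => ({
    target: t,
    weak: weakIsAllowed(t),
    strict: strictIsAllowed(t),
  }));
}

console.table(compare(SAMPLES));
```

Because the hardened check compares the parsed origin instead of matching string prefixes, it rejects any spelling the URL parser resolves to another host, not just the literal `//` prefix.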
Read More: https://castilho.sh/better-auth