Horizon Alert
Summary of the vulnerability and why it matters
A vulnerability has been identified in the @better-auth/sso plugin, an authentication and authorization library. This flaw could allow an attacker to redirect requests to malicious endpoints, potentially leading to unauthorized account access or linking if certain configurations are in place. The main concern is to confirm if this specific library is in use and if the vulnerable configuration exists within your environment.
- Authentication library flaw can redirect user requests.
- Matters if you use this library for user logins.
- Confirm usage and configuration for any risk.
Attack Path
How an attacker could exploit the issue
An attacker with low-privileged access could exploit this vulnerability by manipulating specific configuration URLs within the SSO registration or update process. When discovery is skipped, these URLs are stored without validation and later fetched, potentially allowing the attacker to redirect requests to internal or external services and gain unauthorized account linking.
- Requires authenticated access.
- Triggers by submitting crafted SSO configuration.
- Risk of server-side request forgery.
Live Threat
Current exploitation, exposure, and threat context
This vulnerability could allow an attacker to manipulate authentication settings, potentially leading to unauthorized account linking or server-side request forgery when certain configurations are enabled. This could expose sensitive system information or allow unauthorized access to services.
- System authentication data could be at risk.
- Improperly validated URLs could be exploited.
- Unauthorized account linking may occur.
Operational Fix
Recommended remediation, mitigation, and detection steps
This vulnerability impacts the @better-auth/sso plugin within the Better Auth library. Application owners or platform teams responsible for the identity and access management components should investigate. The first step is to identify all instances of the affected library, assess their exposure and business criticality, and then plan remediation efforts, potentially involving coordination with the library vendor.
- Identify application owners and impacted systems.
- Verify SSO endpoint configurations and reachability.
- Plan vendor coordination and remediation.