Feathersjs Origin Validation Bypass Vulnerability in OAuth Authentication

Vulnerability

A vulnerability exists in the Feathersjs framework, specifically in the OAuth authentication module, in versions 5.0.39 and prior. The issue arises from inadequate origin validation, which relies on prefix matching. This flaw allows attackers to bypass restrictions by registering domains that share a common prefix with allowed origins. Exploitation can lead to unauthorized access during the OAuth flow, potentially allowing attackers to exfiltrate tokens and take over accounts.

Impact

Exploitation of this vulnerability can result in unauthorized access to user accounts by bypassing origin validation in the OAuth authentication process, allowing attackers to exfiltrate tokens and initiate account takeover.

Reproduction

To reproduce this vulnerability, configure the 'origins' array in the Feathersjs OAuth strategy to include a domain, such as 'https://target.com'. Then, register a malicious domain that shares a prefix with the allowed origin, such as 'https://target.com.attacker.com'. When the OAuth flow is initiated from the unauthorized origin, the origin validation will incorrectly allow the request, enabling token exfiltration and account takeover.
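To make the prefix-matching flaw described above (and the reproduction steps) concrete, the following is an added JavaScript illustration; it is not FeathersJS code and does not reproduce the framework's actual implementation. It places a prefix-based origin check of the kind the advisory describes next to an exact-match check that normalises each value with the WHATWG URL parser, then runs both over a constructed set of request origins. The allowed-origin list, the sample origins and the function names are all assumptions made for this example.

```javascript
// Added illustration (not FeathersJS source). Models the class of bug in the
// advisory: an origin allow-list enforced by string prefix, beside an exact
// origin comparison. Allow-list and sample origins are constructed for this example.

const allowedOrigins = ['https://target.com', 'https://app.example.org'];

// Weak check: accepts any origin that merely starts with an allowed entry.
// 'https://target.com.attacker.com' starts with 'https://target.com', so it passes.
function isAllowedOriginByPrefix(origin, allowed = allowedOrigins) {
  return allowed.some((entry) => origin.startsWith(entry));
}

// Normalise a value to its scheme://host[:port] origin using the URL parser.
// Default ports are dropped ('https://target.com:443' -> 'https://target.com');
// anything that is not an absolute URL yields null.
function normalizeOrigin(value) {
  try {
    return new URL(value).origin;
  } catch {
    return null;
  }
}

// Strict check: exact comparison of normalised origins. A host such as
// 'target.com.attacker.com' is a different origin and is rejected, while
// equivalent spellings of an allowed origin (explicit default port) still match.
function isAllowedOriginExact(origin, allowed = allowedOrigins) {
  const candidate = normalizeOrigin(origin);
  if (candidate === null) return false;
  const allowedSet = new Set(allowed.map(normalizeOrigin).filter(Boolean));
  return allowedSet.has(candidate);
}

// Constructed request origins a server might see while validating an OAuth redirect.
const sampleOrigins = [
  'https://target.com',                       // allowed
  'https://target.com.attacker.com',          // shares a prefix, different host
  'https://target.com.attacker.com/callback', // same host, with a path
  'https://target.com:443',                   // allowed host, explicit default port
  'http://target.com',                        // wrong scheme
  'not-a-url',                                // unparseable
];

// Runs both checks over the samples so the divergence is visible in one table.
function compareChecks(origins = sampleOrigins) {
  return origins.map((origin) => ({
    origin,
    prefix: isAllowedOriginByPrefix(origin),
    exact: isAllowedOriginExact(origin),
  }));
}

console.table(compareChecks());
```

The rows where `prefix` is true and `exact` is false are exactly the requests the advisory is about: hosts that share a prefix with an allowed origin but are controlled by someone else. Comparing parsed origins, rather than raw strings, is what closes that gap, and it also keeps accepting harmless variants such as an explicit `:443`.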

Remediation

Users can upgrade to Feathersjs version 5.0.40 or later, where this vulnerability has been patched.

Added: Feb 21, 2026, 4:18 AM
Updated: Feb 21, 2026, 4:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.0
remediation: 0.0
relevance: 3.3
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.