As reported by The Register, Mandiant has launched an open-source tool named AuraInspector to assist Salesforce administrators in identifying critical misconfigurations within their systems that could lead to sensitive data exposure.The tool specifically targets access control vulnerabilities in Salesforce Aura, the framework powering Experience Cloud sites. While Aura components are not inherently insecure, their complexity frequently results in dangerous misconfigurations. Mandiant highlighted a common scenario where unauthenticated users could exploit the getItems method to steal data from the Salesforce Account object, bypassing a 2,000-record limit by manipulating sort orders or abusing the GraphQL API, which is accessible by default to guest accounts. AuraInspector automates the detection of these and other potential abuse techniques, such as unauthorized access to Record Lists and admin panels via Home URLs.Despite the increasing adoption of Lightning Web Components, Aura remains prevalent for legacy functionalities, making it a continued target for attackers. The tool's read-only nature ensures it aids defenders without introducing further risk, addressing concerns previously raised by Varonis and security blogger Brian Krebs regarding widespread data leakage through Salesforce Experience Cloud sites.Source: The Register
Security Operations, Vulnerability Management, Patch/Configuration Management
Mandiant releases open source tool to detect Salesforce data exposure risks

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



