Researchers Discover “DeleFriend” Security Flaw in Google Workspace that Puts APIs at Risk of Unauthorized Access

Cybersecurity researchers from Hunters recently discovered a vulnerability in Google Workspace that allows unauthorized access to Workspace APIs. This flaw is particularly concerning because it can lead to privilege escalation, enabling attackers to gain access typically reserved for Super Admin users. The researchers have named this security flaw “DeleFriend.”

The vulnerability is related to Google Workspace’s role in managing user identities across Google Cloud services. Attackers can exploit domain-wide delegation (DWD) to create new delegations or enumerate successful combinations of service account keys and OAuth scopes. One of the main concerns with this vulnerability is that GCP service account keys do not have expiry dates by default, making it a long-term and difficult-to-detect issue.

If attackers gain access with Super Admin privileges, they can potentially access emails in Gmail, view schedules in Google Calendar, and exfiltrate data from Google Drive. The scope of this vulnerability is significant as it can impact every identity within the Workspace domain, unlike individual OAuth consent.

Hunters disclosed this flaw to Google in August 2023, and Google is currently reviewing the issue with their Product team. Google responded by stating that the report did not identify an underlying security issue in their products and encouraged users to minimize privilege levels to protect against such attacks.

To defend against the DeleFriend vulnerability, Hunters recommends limiting OAuth scopes in delegations, avoiding administrative scopes, and focusing on detecting suspicious delegations and multiple private key creations. Google suggests checking domain-wide delegation usage, reviewing service account setups, and ensuring least privileges for API scopes granted to service accounts.
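The two defensive checks above (avoiding administrative OAuth scopes in delegations, and spotting bursts of service account key creation) can be scripted. The example below is an added illustration, not Hunters' proof-of-concept tool or any Google-provided code. It works over constructed sample data: a hypothetical list of domain-wide delegation records as an admin might export them, and audit entries shaped after the IAM Cloud Audit Log fields for key creation. The admin-scope prefix list is an assumption a defender would tune for their own tenant.

```python
"""Added defensive example (not Hunters' tool, not Google's code).

Two checks drawn from the DeleFriend mitigations:
  1. flag domain-wide delegations whose OAuth scopes include admin-level scopes;
  2. flag service accounts with several key creations inside a short window,
     using Cloud-Audit-Log-style records (constructed sample data below).
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: scope prefixes a defender treats as administrative.
ADMIN_SCOPE_PREFIXES = (
    "https://www.googleapis.com/auth/admin.",
    "https://www.googleapis.com/auth/cloud-platform",
)

# Constructed delegation records (hypothetical export shape: client ID + scopes).
DELEGATIONS = [
    {"client_id": "1111",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"client_id": "2222",
     "scopes": ["https://www.googleapis.com/auth/admin.directory.user",
                "https://www.googleapis.com/auth/gmail.readonly"]},
]

# Constructed audit entries modelled on IAM Cloud Audit Log fields.
SA_A = "projects/p1/serviceAccounts/sa-a@p1.iam.gserviceaccount.com"
SA_B = "projects/p1/serviceAccounts/sa-b@p1.iam.gserviceaccount.com"
CREATE_KEY = "google.iam.admin.v1.CreateServiceAccountKey"
KEY_EVENTS = [
    {"timestamp": "2023-07-31T10:00:00Z", "methodName": CREATE_KEY, "resourceName": SA_A},
    {"timestamp": "2023-08-01T10:00:00Z", "methodName": CREATE_KEY, "resourceName": SA_A},
    {"timestamp": "2023-08-01T10:10:00Z", "methodName": CREATE_KEY, "resourceName": SA_A},
    {"timestamp": "2023-08-01T10:20:00Z", "methodName": CREATE_KEY, "resourceName": SA_A},
    {"timestamp": "2023-08-01T09:00:00Z", "methodName": CREATE_KEY, "resourceName": SA_B},
    {"timestamp": "2023-08-01T09:05:00Z",
     "methodName": "google.iam.admin.v1.DeleteServiceAccountKey", "resourceName": SA_B},
]


def risky_delegations(delegations, prefixes=ADMIN_SCOPE_PREFIXES):
    """Map client_id -> list of admin-level scopes for delegations that grant any."""
    flagged = {}
    for d in delegations:
        admin_scopes = [s for s in d["scopes"] if s.startswith(prefixes)]
        if admin_scopes:
            flagged[d["client_id"]] = admin_scopes
    return flagged


def parse_ts(s):
    """Parse an RFC 3339 UTC timestamp of the form used in the sample entries."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def burst_key_creations(events, window=timedelta(hours=1), threshold=3):
    """Map service account -> max number of key creations seen inside any `window`.

    Only accounts reaching `threshold` are returned; other methods are ignored.
    """
    by_sa = defaultdict(list)
    for e in events:
        if e["methodName"] != CREATE_KEY:
            continue
        by_sa[e["resourceName"]].append(parse_ts(e["timestamp"]))

    flagged = {}
    for sa, times in by_sa.items():
        times.sort()
        j, best = 0, 0
        for i, t in enumerate(times):
            # Slide the left edge until every timestamp in [j, i] is within `window` of t.
            while times[j] < t - window:
                j += 1
            best = max(best, i - j + 1)
        if best >= threshold:
            flagged[sa] = best
    return flagged


if __name__ == "__main__":
    print("Delegations with admin scopes:", risky_delegations(DELEGATIONS))
    print("Service accounts with key-creation bursts:", burst_key_creations(KEY_EVENTS))
```

On the sample data, client ID 2222 is flagged for the `admin.directory.user` scope, and `sa-a` is flagged for three key creations within one hour; `sa-b` is not, because a deletion is not a creation and it has only one creation. In practice the delegation list would come from the Workspace admin console and the events from an audit log export, with the window and threshold tuned to the tenant's normal key rotation.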

Hunters has developed a proof-of-concept tool to manually run the DeleFriend exploitation method for research purposes to detect misconfigurations and increase awareness around OAuth delegation attacks.

Overall, this vulnerability in Google Workspace is significant and poses serious risks, but with the right precautions and measures in place, organizations can mitigate the potential impact.
