Researchers Discover Security Flaw in DeleFriend that Puts APIs at Risk of Unauthorized Access

Blog
Researchers Discover Security Flaw in DeleFriend that Puts APIs at Risk of Unauthorized Access

Cybersecurity researchers from Hunters recently discovered a vulnerability in Google Workspace that allows unauthorized access to Workspace APIs. This flaw is particularly concerning because it can lead to privilege escalation, enabling attackers to gain access typically reserved for Super Admin users. The researchers have named this security flaw “DeleFriend.”

The vulnerability is related to Google Workspace’s role in managing user identities across Google Cloud services. Attackers can exploit domain-wide delegation (DWD) to create new delegations or enumerate successful combinations of service account keys and OAuth scopes. One of the main concerns with this vulnerability is that GCP service account keys do not have expiry dates by default, making it a long-term and difficult-to-detect issue.

If attackers gain access with Super Admin privileges, they can potentially access emails in Gmail, view schedules in Google Calendar, and exfiltrate data from Google Drive. The scope of this vulnerability is significant as it can impact every identity within the Workspace domain, unlike individual OAuth consent.

Hunters disclosed this flaw to Google in August 2023, and Google is currently reviewing the issue with their Product team. Google responded by stating that the report did not identify an underlying security issue in their products and encouraged users to minimize privilege levels to protect against such attacks.

To defend against the DeleFriend vulnerability, Hunters recommends limiting OAuth scopes in delegations, avoiding administrative scopes, and focusing on detecting suspicious delegations and multiple private key creations. Google suggests checking domain-wide delegation usage, reviewing service account setups, and ensuring least privileges for API scopes granted to service accounts.

Hunters has developed a proof-of-concept tool to manually run the DeleFriend exploitation method for research purposes to detect misconfigurations and increase awareness around OAuth delegation attacks.

Overall, this vulnerability in Google Workspace is significant and poses serious risks, but with the right precautions and measures in place, organizations can mitigate the potential impact.

Unlock your business potential with our expert guidance. Get in touch now!

Contact us
AI & Neural Networks Applications Big Data and Data Analysis Blockchain Cloud Computing and Services Digital Marketing in IT Digital Transformation E-commerce Technologies GLOBUS.studio IT Consulting and Strategies IT for Businesses IT Security and Cybersecurity Learning Mobile Development News Project Management SaaS Solutions SEO/SMO/SMM Software Development Technologies Uncategorised UX/UI Web Development
system-error-2-adobe.jpg

Post Office IT Head Neglected to Address Concerns About False Horizon Statements

  • News, Uncategorised
cisco_splunk_1200x675_v3.png

Acquisition of Splunk by Cisco Expected to Enhance Threat Visibility for Security Professionals in Australia and New Zealand

  • News
dominoes-business-crisis-risk-management.jpg

Cyber Safety Force aims to reshape dialogue on risk

  • News, Uncategorised
AdobeStock_783355459.jpg

Top 6 Healthcare CRM Software Picks for 2024

  • News
Space-hero-AdobeStock_393796896.jpg

Global ArchiveSpace enables remote tape access launched by QStar

  • News, Uncategorised
AdobeStock_520294370.jpg

Top 6 Nonprofit CRM Software Picks for 2024

  • News
Helsinki-Finland-panoramic-aerial-adobe.jpg

Maria 01 Unveils Ambitious Pan-European Startup Strategy

  • News, Uncategorised

Explore More

Your Gateway to Useful Resources