Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Companies Still Exposing Sensitive Data via Known Salesforce Misconfiguration

Organizations have been warned that a misconfiguration in Salesforce Communities can lead to the exposure of sensitive information.

Organizations have been warned that a misconfiguration in Salesforce Communities can lead to the exposure of sensitive information.

While the misconfiguration has been known since at least last year and Salesforce has taken steps to prevent incidents, data security company Varonis says it’s still seeing many affected organizations. Varonis believes thousands of companies could still be vulnerable.

Salesforce Communities enable Salesforce customers to connect and collaborate with employees, partners and customers. These communities are typically indexed by Google, which can be useful to partners and customers, but it can also be useful for attackers looking for organizations they can target.

The problem is that some Salesforce Communities are configured to give unauthenticated (guest) users too much access. An attacker can exploit this insecure configuration to query objects that can contain sensitive information.

An attacker can gain access to information such as names, email addresses, customer lists, account records, support data, employee calendars, and other potentially sensitive information about the targeted organization’s clients and operations. Varonis said its researchers discovered “troves of exposed sensitive records.”

The obtained information can be useful for spear-phishing attacks and, in some cases, to infiltrate the system and move laterally, the security firm warned.

“An advanced adversary might try to attack vulnerable custom and 3rd party components,” Varonis said. “In some cases, it is possible to take over the entire Salesforce instance just by exploiting a vulnerable custom Apex class that is exposed to guest users.”

Salesforce administrators have been advised to check settings related to guest permissions and guest user access to avoid such incidents.

Salesforce guest access settings

Salesforce, which has more than 150,000 customers, including a majority of Fortune 100 companies, took steps last year to reduce the chances of organizations accidentally exposing data through these types of misconfigurations.

However, Varonis has advised Salesforce customers to review their current settings to ensure they don’t expose sensitive information.

Related: Despite Warnings, Cloud Misconfiguration Problem Remains Disturbing

Related: Survey Shows Reasons for Cloud Misconfigurations are Many and Complex

Related: Thousands of Mobile Apps Expose Data via Misconfigured Cloud Containers

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.