- Security researchers discover an error in Microsoft’s SharePoint connector on the energy platform
- A falsification failure of the server side could have allowed threat actors to steal the people’s login credentials
- It has been paved, but users must still be updated as soon as possible
Experts warned that Microsoft’s SharePoint connector on the power platform was vulnerable to a falsification defect of the server’s side (SSRF) that could have allowed threat actors to steal the people’s login credentials of people .
Zenity Labs cybersecurity researchers recently detailed their findings in an in -depth technical analysis, explaining how, in essence, threat actors could use the “personalized value” function in a SharePoint connector, which would allow them to add a personalized URL In a flow. To do that, they would first need to have access to an environment manufacturer role, and the basic role of the user, within the power platform.
In the blog, Zenity explained why access to the environment of the Environmental manufacturer is essential for the attack to work: “The role of Environmental manufacturer allows you to create applications, flows and connections, and share them with others in your organization” says the article. . “The basic user role allows you to execute applications and interact with the records you have (for example, account, contact)”.
Creating a flow
An attacker could create a flow for a SharePoint action, and share it with the victim, which would end up filtering his SharePoint JWT access token. The criminals could use this token to impersonate the victim and send requests outside the energy platform.
Zenity added that vulnerability can be abused in energy applications or co -driver study.
“You can carry this even further embeding the Canvas application in a team channel, for example,” Zenity said. “Once users interact with the application on the equipment, they can reap their tokens with the same ease, expanding their reach throughout the organization and making the attack even more widespread.”
Microsoft was notified about vulnerability in September 2024, and patched it in mid -December last year.
Microsoft SharePoint is a platform for collaboration and online document management that allows organizations to store, share and manage content, workflows and applications safely.
