all InfoSec news
Design flaw leaves Google Workspace vulnerable for takeover
Help Net Security www.helpnetsecurity.com
A design flaw in Google Workspace’s domain-wide delegation feature, discovered by Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges. Such exploitation could result in the theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all the identities in the target domain. Snippet from DeleFriend: enumeration of custom roles Domain-wide delegation … More
The post …
access admin admin privileges apis attackers axon data data exfiltration design domain drive emails escalation exfiltration exploitation feature flaw gmail google google drive google workspace hunters privilege privilege escalation privileges result super takeover team theft unauthorized access vulnerability vulnerable workspace