Why Salesforce environments make tempting targets: Salesforce deployments are particularly attractive because of the sensitive data they hold and the complexity of their access models.

“Salesforce instances often contain highly sensitive customer data, including credentials and secrets that can be used for lateral movement,” said Vincenzo Lozzo, CEO and cofounder of SlashID. At the same time, he added, the platform’s layered permissions architecture, including profiles, permission sets, sharing rules, and integrations, is not very well understood and can make accidental overexposure easy.

The attack surface expands further when organizations connect Salesforce with third-party applications and APIs. “Trust relationships and long-lived and poorly monitored credentials grant access to treasure troves of systems and data,” said Trey Ford, chief strategy and trust officer at Bugcrowd. Once attackers compromise a trusted integration, he noted, it can create cascading risk across the entire ecosystem.

Salesforce’s guidance focuses on tightening the relevant configuration controls. Recommended steps include auditing guest user permissions, disabling public API access where possible, restricting object visibility, and enforcing least-privilege access.
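The first recommended step, auditing guest user permissions, can be turned into a repeatable check. The script below is an added example, not code from the article, from Salesforce or from the quoted vendors; it assumes the org's object permissions were exported (for instance with a SOQL query over ObjectPermissions joined to the owning profile) and flattened into one record per profile and object, and it assumes the guest profile carries the license name "Guest User License". It flags any guest profile that can write to an object, bypass sharing rules, or read an object the reviewer has classed as sensitive.

```python
from typing import Dict, Iterable, List

GUEST_LICENSE = "Guest User License"  # assumed license name on site guest profiles
WRITE_FLAGS = ("PermissionsCreate", "PermissionsEdit", "PermissionsDelete")
BROAD_FLAGS = ("PermissionsViewAllRecords", "PermissionsModifyAllRecords")


def audit_guest_permissions(records: Iterable[Dict], sensitive_objects: Iterable[str]) -> List[Dict]:
    """Return one finding per guest-profile object grant that violates least privilege.

    Each record is a flattened ObjectPermissions row: ProfileName, LicenseName,
    SobjectType and the Permissions* booleans (missing flags count as False).
    """
    sensitive = set(sensitive_objects)
    findings: List[Dict] = []
    for rec in records:
        if rec["LicenseName"] != GUEST_LICENSE:
            continue  # only unauthenticated (guest) profiles are in scope for this check
        profile, obj = rec["ProfileName"], rec["SobjectType"]
        writes = [f for f in WRITE_FLAGS if rec.get(f)]
        broad = [f for f in BROAD_FLAGS if rec.get(f)]
        if writes:  # guests should never create, edit or delete records
            findings.append({"profile": profile, "object": obj,
                             "issue": "guest can write: " + ", ".join(writes)})
        if broad:  # View All / Modify All ignore sharing rules entirely
            findings.append({"profile": profile, "object": obj,
                             "issue": "guest bypasses sharing: " + ", ".join(broad)})
        if rec.get("PermissionsRead") and obj in sensitive:
            findings.append({"profile": profile, "object": obj,
                             "issue": "guest can read sensitive object"})
    return findings


# Constructed sample export, not data from any real org.
SAMPLE_EXPORT = [
    {"ProfileName": "Help Center Guest", "LicenseName": GUEST_LICENSE, "SobjectType": "Contact",
     "PermissionsRead": True, "PermissionsEdit": True},
    {"ProfileName": "Help Center Guest", "LicenseName": GUEST_LICENSE, "SobjectType": "Case",
     "PermissionsRead": True, "PermissionsViewAllRecords": True},
    {"ProfileName": "Help Center Guest", "LicenseName": GUEST_LICENSE, "SobjectType": "FAQ__kav",
     "PermissionsRead": True},  # read-only public knowledge: acceptable for a guest
    {"ProfileName": "System Administrator", "LicenseName": "Salesforce", "SobjectType": "Account",
     "PermissionsRead": True, "PermissionsModifyAllRecords": True},  # not a guest, skipped
]
SENSITIVE_OBJECTS = ("Contact", "Account", "Lead")

if __name__ == "__main__":
    for finding in audit_guest_permissions(SAMPLE_EXPORT, SENSITIVE_OBJECTS):
        print(f"{finding['profile']} / {finding['object']}: {finding['issue']}")
```

Run against a real export, the list of sensitive objects should come from the organisation's own data classification rather than the placeholder tuple above.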
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4143667/overly-permissive-guest-settings-put-salesforce-customers-at-risk.html