A critical SSRF flaw in Microsoft Power Platform’s SharePoint connector let attackers steal credentials and impersonate users across multiple services. The patched vulnerability posed major risks to organizations using SharePoint.
Microsoft SharePoint Connector flaw
Exploiting the flaw could let attackers impersonate users and perform actions in SharePoint, causing major security breaches.
Researcher Dmitry Lozovoy found that the connector did not properly validate the site address entered through its “custom value” option. An attacker could enter an arbitrary URL there, then share the resulting flow or app with a victim; when the victim ran it, the connector sent the request, carrying the victim’s SharePoint JWT, to the attacker-controlled server. With that token, the attacker could:
- Perform unauthorized actions
- Access sensitive data like user directories and documents
- Escalate privileges within the network
To exploit the flaw, attackers needed Environment Maker and Basic User roles in Power Platform, which let them create and share resources.
The SSRF vulnerability’s cross-platform impact made it more severe:
- Power Automate: Malicious flows captured tokens when run by victims.
- Power Apps: Malicious apps embedded in Teams or presented as surveys leaked the tokens of users who opened them.
- Copilot Studio & Copilot 365: Rogue agents tricked users into granting access.
Zenity Labs showed how stolen tokens bypassed authentication, allowing data exfiltration.
Tracked as CVE-2024-49070, the flaw was reported in September 2024 and patched in December 2024. Patches were released for SharePoint Server and Power Platform services. Organizations should apply the latest updates to stay secure.
Mitigation Recommendations:
- Apply Security Updates: Install the December 2024 patches for SharePoint and Power Platform.
- Limit Permissions: Restrict Environment Maker and Basic User roles to trusted personnel.
- Monitor Suspicious Activity: Review the site addresses used by SharePoint connector actions in flows and apps, and treat any host that is not one of your tenant’s SharePoint hosts, or any address set only at run time, as suspicious. Also watch for flows and apps shared with users by makers who have no business reason to do so.
- Educate Users: Train employees to spot unauthorized consent prompts or errors during app use.
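As an added example (written for this page; it is neither Zenity Labs’ proof of concept nor Microsoft’s connector code), the block below shows the two things the flaw and the mitigation list above point at: the strict site-address check that the “custom value” feature lacked, and a static scan over an exported Power Automate flow definition that flags SharePoint connector actions whose site address points outside the tenant or is only resolved at run time. The flow JSON layout, the `shared_sharepointonline` apiId suffix, the `dataset` parameter name and the `contoso` hosts are assumptions made for the illustration; check them against a real export from your own tenant before relying on the scan.

```python
"""Added example for this page (not Zenity Labs' proof of concept and not
Microsoft's connector code): the strict site-address check the SharePoint
connector should have applied to a "custom value", plus a scanner that runs
that check over SharePoint connector actions in an exported Power Automate
flow definition.

Assumption: the flow JSON layout used here (actions keyed by name, SharePoint
actions carrying a host apiId ending in "shared_sharepointonline" and a
"dataset" parameter holding the site URL, nested actions under "actions" and
"else") approximates an exported definition.json; verify the paths against
your own export before relying on it.
"""
from typing import Dict, Iterator, List, Set, Tuple
from urllib.parse import urlparse

SHAREPOINT_API_SUFFIX = "/apis/shared_sharepointonline"  # assumed apiId suffix

# Constructed tenant allowlist; replace with the hosts of your own tenant.
TENANT_HOSTS = {"contoso.sharepoint.com", "contoso-my.sharepoint.com"}


def is_allowed_sharepoint_site(url: str, tenant_hosts: Set[str]) -> bool:
    """Accept a site address only if it is https and its host is exactly one of
    the tenant's SharePoint hosts. Exact-host matching (not endswith) also
    rejects look-alike domains and userinfo tricks such as
    https://contoso.sharepoint.com@attacker.example/."""
    try:
        parsed = urlparse(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parsed.scheme != "https":
        return False
    host = (parsed.hostname or "").lower()
    return host in {h.lower() for h in tenant_hosts}


def _iter_actions(actions: Dict[str, dict]) -> Iterator[Tuple[str, dict]]:
    """Walk actions depth-first, descending into Scope / Apply_to_each /
    Condition blocks ("actions") and Condition else-branches ("else")."""
    for name, action in actions.items():
        yield name, action
        yield from _iter_actions(action.get("actions", {}))
        yield from _iter_actions(action.get("else", {}).get("actions", {}))


def find_suspicious_sharepoint_sites(flow: dict, tenant_hosts: Set[str]) -> List[dict]:
    """Return one finding per SharePoint connector action whose site address is
    either outside the tenant allowlist or an expression that is only resolved
    at run time (and so can point anywhere)."""
    findings = []
    actions = flow["properties"]["definition"]["actions"]
    for name, action in _iter_actions(actions):
        inputs = action.get("inputs", {})
        api_id = inputs.get("host", {}).get("apiId", "")
        if not api_id.endswith(SHAREPOINT_API_SUFFIX):
            continue
        site = inputs.get("parameters", {}).get("dataset")
        if site is None:
            continue
        if site.startswith("@"):  # e.g. @{variables('site')}: value set at run time
            findings.append({"action": name, "site": site,
                             "reason": "site address is a run-time expression"})
        elif not is_allowed_sharepoint_site(site, tenant_hosts):
            findings.append({"action": name, "site": site,
                             "reason": "host not in tenant allowlist"})
    return findings


def _sp_action(site: str) -> dict:
    """Build a constructed SharePoint 'Get items' action for the sample below."""
    return {
        "type": "OpenApiConnection",
        "inputs": {
            "host": {"apiId": "/providers/Microsoft.PowerApps/apis/shared_sharepointonline",
                     "connectionName": "shared_sharepointonline",
                     "operationId": "GetItems"},
            "parameters": {"dataset": site, "table": "Invoices"},
        },
    }


# Constructed sample flow (not a real export): one legitimate action and three
# that a reviewer should look at, one of them nested inside a Scope.
SAMPLE_FLOW = {
    "properties": {"definition": {"actions": {
        "Get_items_tenant": _sp_action("https://contoso.sharepoint.com/sites/Finance"),
        "Get_items_userinfo": _sp_action("https://contoso.sharepoint.com@attacker.example/sites/Finance"),
        "Get_items_external": _sp_action("https://sharepoint.attacker.example/sites/Finance"),
        "Scope": {"type": "Scope", "actions": {
            "Get_items_dynamic": _sp_action("@{variables('siteAddress')}"),
        }},
    }}}
}


if __name__ == "__main__":
    for finding in find_suspicious_sharepoint_sites(SAMPLE_FLOW, TENANT_HOSTS):
        print(f"{finding['action']}: {finding['site']} ({finding['reason']})")
```

Run-time expressions are reported rather than ignored because a “custom value” does not have to be a literal: a flow can compute the site address from a variable or an input, which a static scan cannot resolve, so those actions need a manual look. Exact host matching is deliberate; a suffix check on `sharepoint.com` would still accept a URL whose real host is hidden behind userinfo.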
Although the vulnerability is patched, organizations should review security settings and ensure all systems are updated with the latest patches.