Mandiant has unveiled AuraInspector, an open-source command-line tool designed to assist security professionals in identifying and auditing access-control misconfigurations within the Salesforce Aura framework. The tool addresses a significant security risk in Salesforce Experience Cloud deployments, where misconfigurations can inadvertently expose sensitive data, including credit card numbers, identity documents, and health information.
Understanding the Salesforce Aura Framework
The Aura framework is integral to Salesforce’s Lightning Experience interface, providing a robust platform for building dynamic web applications. However, its complexity and the layered nature of Salesforce’s object sharing rules can make it challenging for administrators to detect access-control misconfigurations from an external perspective. These misconfigurations can lead to unauthorized data exposure, posing substantial risks to organizations and their clients.
Introducing AuraInspector
AuraInspector automates the detection of these vulnerabilities, offering actionable insights for remediation. The tool incorporates several attack techniques previously documented by Mandiant’s Offensive Security Services team, enhancing its effectiveness in identifying potential security gaps.
Key Features of AuraInspector
AuraInspector boasts a comprehensive suite of features designed to streamline the auditing process:
– Automatic Aura Detection: Automatically identifies the Aura endpoint within the Salesforce environment.
– Object Access Scan: Evaluates which objects and records are accessible, highlighting potential unauthorized access points.
– Record List Discovery: Detects exposed record lists and their URLs, which could be exploited if permissions are misconfigured.
– Self-Registration Check: Assesses whether self-signup is enabled and retrieves signup links, identifying potential unauthorized account creation avenues.
– URL Discovery: Automatically finds home and administrative URLs, providing a comprehensive view of accessible endpoints.
– GraphQL Bypass: Uses Salesforce’s GraphQL Aura controller to fetch more than 2,000 records, overcoming the standard retrieval limit.
– Action Bulking: Sends multiple actions in a single request, enhancing the efficiency of the auditing process.
– Read-Only Mode: Operates in a read-only capacity, ensuring that no changes are made to the system during the audit.
– Command-Line Tool: Provides a simple CLI for scanning and generating reports, facilitating ease of use.
– Open Source: Available on GitHub, allowing for community collaboration and continuous improvement.
Addressing Common Misconfigurations
AuraInspector identifies accessible objects through Aura methods such as `getItems` and `getConfigData`, which can expose sensitive records when access controls are improperly configured. Additionally, the tool checks for exposed Record Lists—Salesforce components that provide direct access to object records when permissions are misconfigured.
A notable feature of AuraInspector is its ability to detect enabled self-registration endpoints. Mandiant has observed instances where self-registration links were removed from login pages, yet the functionality remained enabled, allowing unauthorized account creation.
Breakthrough: GraphQL Integration
AuraInspector introduces a previously undocumented technique using Salesforce’s GraphQL Aura controller to bypass the standard 2,000-record retrieval limit. This advancement allows for a comprehensive assessment of misconfiguration impacts without the need for manual sorting workarounds. The tool automates the construction of GraphQL queries to retrieve complete datasets when access controls fail, providing a more thorough analysis.
Operational Integrity and Recommendations
Operating strictly in read-only mode, AuraInspector ensures that tested instances remain unmodified during the auditing process. Mandiant recommends that administrators audit guest user permissions using the principle of least privilege, review sharing rules and organization-wide defaults, disable unnecessary self-registration, and implement Salesforce security best practices.
The Security Health Check tool and the comprehensive Salesforce Security Guide offer additional guidance for hardening Salesforce environments.
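A starting point for the guest-permission audit recommended above, added here as an example and not taken from AuraInspector or the article: two SOQL queries (run one at a time in Developer Console or with the Salesforce CLI; SOQL accepts no comment lines, so the notes sit outside the block). The first lists every object-level grant held by a guest-user profile, which is what an unauthenticated visitor to an Experience Cloud site inherits; the second lists permission sets assigned directly to guest users, which a profile-only review would miss. The field and relationship names are standard Salesforce sObject fields; the filter on UserType = 'Guest' selecting Experience Cloud guest profiles and users is the assumption the queries rest on.

```sql
SELECT Parent.Profile.Name,
       SobjectType,
       PermissionsRead,
       PermissionsViewAllRecords,
       PermissionsCreate,
       PermissionsEdit,
       PermissionsDelete,
       PermissionsModifyAllRecords
FROM ObjectPermissions
WHERE Parent.Profile.UserType = 'Guest'
  AND (PermissionsRead = true
       OR PermissionsCreate = true
       OR PermissionsEdit = true
       OR PermissionsDelete = true)
ORDER BY Parent.Profile.Name, SobjectType

SELECT Assignee.Username,
       Assignee.Profile.Name,
       PermissionSet.Name,
       PermissionSet.IsOwnedByProfile
FROM PermissionSetAssignment
WHERE Assignee.UserType = 'Guest'
  AND PermissionSet.IsOwnedByProfile = false
```

Any row granting Read (or View All Records) on an object that holds personal data deserves a second look against that object's organization-wide default and sharing rules, since object access combined with an open external sharing setting is what lets Aura calls such as `getItems` return those records to an unauthenticated visitor. Anything beyond Read for a guest profile is almost never required and should be removed under least privilege.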
Availability and Community Collaboration
AuraInspector is now available on GitHub, enabling security teams to proactively identify and remediate Aura-related exposures before adversaries can exploit them. By leveraging this tool, organizations can enhance their security posture and protect sensitive data within their Salesforce environments.
Conclusion
The release of AuraInspector marks a significant advancement in the proactive identification and remediation of access-control misconfigurations within the Salesforce Aura framework. By automating the detection process and providing actionable insights, AuraInspector empowers security professionals to safeguard sensitive data and maintain the integrity of their Salesforce deployments.