{"id":77667,"date":"2025-02-12T03:28:14","date_gmt":"2025-02-12T08:28:14","guid":{"rendered":"https:\/\/blog.cyberconservices.com\/?p=77667"},"modified":"2025-02-09T14:36:38","modified_gmt":"2025-02-09T19:36:38","slug":"microsoft-sharepoint-connector-flaw-couldve-enabled-credential-theft-across-power-platform","status":"publish","type":"post","link":"https:\/\/blog.cyberconservices.com\/index.php\/2025\/02\/12\/microsoft-sharepoint-connector-flaw-couldve-enabled-credential-theft-across-power-platform\/","title":{"rendered":"Microsoft SharePoint Connector Flaw Could&#8217;ve Enabled Credential Theft Across Power Platform"},"content":{"rendered":"<p>Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft\u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/connectors\/sharepointonline\/\" target=\"_blank\" rel=\"noopener\">SharePoint connector<\/a>\u00a0on\u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/power-platform\/developer\/get-started\" target=\"_blank\" rel=\"noopener\">Power Platform<\/a>\u00a0that, if successfully exploited, could allow threat actors to harvest a user&#8217;s credentials and stage follow-on attacks.<\/p>\n<p>This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf of the impersonated user, enabling unauthorized access to sensitive data, Zenity Labs said in a report shared with The Hacker News ahead of publication.<\/p>\n<p>&#8220;This vulnerability can be exploited across Power Automate, Power Apps, Copilot Studio, and Copilot 365, which significantly broadens the scope of potential damage,&#8221; senior security researcher Dmitry Lozovoy\u00a0<a href=\"https:\/\/labs.zenity.io\/p\/the-power-of-one-ssrf-vulnerability-a-multi-platform-threat\" target=\"_blank\" rel=\"noopener\">said<\/a>.<\/p>\n<p>&#8220;It increases the likelihood of a successful attack, allowing hackers to target multiple interconnected services 
within the Power Platform ecosystem.&#8221;<\/p>\n<p>Following responsible disclosure in September 2024, Microsoft addressed the security hole, rated &#8220;Important&#8221; in severity, as of December 13. When reached for comment, Redmond confirmed that the issue is resolved.\u00a0 <a href=\"https:\/\/www.google.com\/url?rct=j&amp;sa=t&amp;url=https:\/\/thehackernews.com\/2025\/02\/microsoft-sharepoint-connector-flaw.html&amp;ct=ga&amp;cd=CAEYASoUMTM2MzUwMTMxMzcxNjc1Njg3NDcyGjNiY2Y1NTgzODI4ZTA3NDg6Y29tOmVuOlVT&amp;usg=AOvVaw0FXYI_z5iYkf3qFjZD9OGh\" target=\"_blank\" rel=\"noopener\">Read On:<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a hypothetical attack scenario, a threat actor could create a flow for a SharePoint action and share it with a low-privileged user (read victim), resulting in a leak of their SharePoint JWT access token.<\/p>\n <a class=\"more-link\" href=\"https:\/\/blog.cyberconservices.com\/index.php\/2025\/02\/12\/microsoft-sharepoint-connector-flaw-couldve-enabled-credential-theft-across-power-platform\/\"><span class=\"more-msg\">Continue reading 
&rarr;<\/span><\/a>","protected":false},"author":1,"featured_media":77670,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[687,653,7],"tags":[700,652,141],"class_list":["post-77667","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-power-automate","category-power-platform","category-sharepoint","tag-power-automate","tag-power-platform","tag-sharepoint"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/blog.cyberconservices.com\/wp-content\/uploads\/2025\/02\/Image-of-a-hacker-bresking-into-a-2.png","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/posts\/77667","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/comments?post=77667"}],"version-history":[{"count":1,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/posts\/77667\/revisions"}],"predecessor-version":[{"id":77671,"href":"https:\
/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/posts\/77667\/revisions\/77671"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/media\/77670"}],"wp:attachment":[{"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/media?parent=77667"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/categories?post=77667"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.cyberconservices.com\/index.php\/wp-json\/wp\/v2\/tags?post=77667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}