Trusted Connections, Hidden Risks: Token Management in the Third-Party Supply Chain
Summary
Unmanaged and unmonitored OAuth tokens pose a severe risk to companies and their customers, according to a report by Unit 42, the threat intelligence arm of cybersecurity company Palo Alto Networks.
Many companies have integrated third-party applications with their Salesforce instances, leaving a Pandora’s box of vulnerabilities.
If a threat actor gained access to an organisation's Salesforce instance through a compromised OAuth token, they could enumerate CRM accounts and exfiltrate sensitive data to infrastructure they control.
The report identified three key areas of OAuth token risk: inactive integrations, insecure token storage and long-lived credentials. It called for a zero-trust approach to dynamic token management.
It cited the example of a single compromised OAuth token issued to a Salesloft Drift integration that was used in 2021 to bypass multi-factor authentication and provide persistent access to hundreds of customer Salesforce instances.
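The three risk areas above can be turned into a routine inventory check. The following is an added example, not code from the Unit 42 report or from Salesforce; the token records, the 90-day inactivity and 30-day lifetime thresholds, and the list of approved secret stores are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Constructed reference time so the example runs the same way offline.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
INACTIVE_AFTER = timedelta(days=90)   # assumed threshold: unused integrations
MAX_LIFETIME = timedelta(days=30)     # assumed threshold: token lifetime
APPROVED_STORES = {"vault", "kms"}    # assumed: where tokens may legitimately live


@dataclass
class IntegrationToken:
    """One OAuth token issued to a third-party integration (constructed schema)."""
    app: str
    issued_at: datetime
    last_used: Optional[datetime]   # None: never seen in use
    expires_at: Optional[datetime]  # None: never expires
    storage: str                    # where the token is held


def audit_token(tok: IntegrationToken, now: datetime = NOW) -> List[str]:
    """Map one token onto the report's three risk areas; empty list means clean."""
    findings = []
    if tok.last_used is None or now - tok.last_used > INACTIVE_AFTER:
        findings.append("inactive-integration")
    if tok.storage not in APPROVED_STORES:
        findings.append("insecure-storage")
    if tok.expires_at is None or tok.expires_at - tok.issued_at > MAX_LIFETIME:
        findings.append("long-lived-credential")
    return findings


def audit_all(tokens: List[IntegrationToken], now: datetime = NOW) -> dict:
    """Return {app name: list of findings} for a whole token inventory."""
    return {t.app: audit_token(t, now) for t in tokens}


# Constructed sample inventory: one healthy token, one stale and badly stored
# token, and one that is in use but never rotates.
UTC = timezone.utc
SAMPLE_TOKENS = [
    IntegrationToken("crm-sync-app", datetime(2024, 5, 20, tzinfo=UTC),
                     datetime(2024, 5, 31, tzinfo=UTC),
                     datetime(2024, 6, 19, tzinfo=UTC), "vault"),
    IntegrationToken("legacy-marketing-connector", datetime(2023, 1, 10, tzinfo=UTC),
                     datetime(2023, 2, 1, tzinfo=UTC), None, "config-file"),
    IntegrationToken("analytics-export", datetime(2024, 4, 1, tzinfo=UTC),
                     datetime(2024, 5, 30, tzinfo=UTC),
                     datetime(2025, 4, 1, tzinfo=UTC), "kms"),
]

if __name__ == "__main__":
    for app, findings in audit_all(SAMPLE_TOKENS).items():
        print(f"{app}: {findings or 'ok'}")
```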
By Bill Batchelor, Eyal Rafian and Nathaniel Quist