
A key Microsoft OneDrive feature has a worrying security flaw which could expose user data


  • Researchers found a flaw in Microsoft OneDrive File Picker
  • The flaw stems from the lack of fine-grained OAuth permissions
  • Microsoft acknowledges the flaw, but hasn't fixed it yet

A vulnerability has been found in Microsoft’s OneDrive File Picker that could allow threat actors to access people’s entire cloud archives, experts have warned.

Security researchers Oasis discovered the flaw and reported it to Microsoft, noting the problem lies in excessive permissions that File Picker asks for - including read access to the entire drive. The tool asks for these permissions since the OAuth scopes for OneDrive aren’t fine-grained.

File Picker is a tool in OneDrive that allows websites and applications to integrate directly with the cloud storage solution. That way, users can manage their OneDrive account within a third-party interface, resulting in seamless file access.

Reading the calendar

"This stems from overly broad OAuth ...


Copyright of this story solely belongs to techradar.com.