A key Microsoft OneDrive feature has a worrying security flaw which could expose user data
Date:
Thu, 29 May 2025 14:06:00 +0000
Description:
You might want to pause uploading files using OneDrive through OAuth until Microsoft releases a fix.
FULL STORY ======================================================================
Researchers found a flaw in Microsoft OneDrive File Picker
The flaw stems from the lack of fine-grained OAuth permissions
Microsoft acknowledges the flaw, but hasn't fixed it yet
A vulnerability has been found in Microsoft's OneDrive File Picker that could allow threat actors to access a user's entire cloud archive, experts have warned.
Security researchers at Oasis discovered the flaw and reported it to Microsoft, noting that the problem lies in the excessive permissions File Picker asks for, including read access to the entire drive. The tool asks for these permissions because the OAuth scopes for OneDrive aren't fine-grained: there is no narrower scope that covers only the files a user actually selects.
File Picker is a OneDrive component that lets websites and applications integrate directly with the cloud storage service, so that users can browse and select their OneDrive files from within a third-party interface.
"This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted," the Oasis Research Team explained in a report.
"This flaw could have severe consequences, including customer data leakage and violation of compliance regulations."
Oasis further stressed that a number of popular apps that integrate with OneDrive, such as ChatGPT, Trello and Slack, are also affected.
The researchers also said the messaging shown when uploading files isn't clear enough, which could mislead people into thinking their cloud storage is secure.
"The lack of fine-grained scopes makes it impossible for users to distinguish between malicious apps that target all files and legitimate apps that ask for excessive permissions simply because there is no other secure option," Oasis concluded.
If that wasn't enough, Oasis also said the OAuth tokens are often stored insecurely, since they're saved in the browser's session storage in plaintext.
Microsoft has reportedly acknowledged the issue but hasn't released a patch yet.
If you're worried about exposing your OneDrive storage, you might want to temporarily remove the option to upload files using OneDrive through OAuth until a fix is available. Developers should also stop using refresh tokens and make sure access tokens are stored more securely.
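As an added illustration (not code from the article, from Oasis or from Microsoft), the JavaScript below performs the two checks a developer integrating File Picker would want after reading the above: it decodes a delegated access token and flags whole-drive scopes such as Files.Read.All, and it scans a Web-Storage-like object for JWT-shaped values left in plaintext. It assumes the token is a JWT carrying its delegated scopes in the `scp` claim, as Microsoft Graph delegated tokens do; the sample token, the `MemoryStorage` stand-in for `window.sessionStorage` and the list of scopes treated as whole-drive are constructed for this example and are not Microsoft definitions.

```javascript
// Added example, not code from the article, Oasis or Microsoft.
// Assumptions: the access token is a JWT with delegated scopes in "scp";
// the storage object exposes the Web Storage API (length/key/getItem).

// Scopes treated here as granting the whole drive rather than picked files.
// This list is the example's own choice, not a Microsoft definition.
const BROAD_FILE_SCOPE = /^(Files\.(Read|ReadWrite)(\.All)?|Sites\.(Read|ReadWrite)\.All)$/;

function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

function base64UrlEncode(str) {
  return Buffer.from(str, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Returns the JWT payload as an object, or null if the value is not JWT-shaped.
function decodeJwtPayload(token) {
  if (typeof token !== "string") return null;
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(base64UrlDecode(parts[1]));
    return payload && typeof payload === "object" ? payload : null;
  } catch {
    return null;
  }
}

// Reports every scope in the token, and the subset that reaches the whole drive.
function auditTokenScopes(token) {
  const payload = decodeJwtPayload(token);
  if (!payload) return { valid: false, scopes: [], broad: [] };
  const scopes = typeof payload.scp === "string"
    ? payload.scp.split(" ").filter(Boolean)
    : [];
  const broad = scopes.filter((s) => BROAD_FILE_SCOPE.test(s));
  return { valid: true, scopes, broad };
}

// Scans a Web-Storage-like object for JWT-shaped values. Any hit is a token
// sitting in plaintext where every script in the origin (including an XSS
// payload) can read it; tokens should live in memory or in an HttpOnly cookie.
function findTokensInStorage(storage) {
  const hits = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    if (decodeJwtPayload(storage.getItem(key))) hits.push(key);
  }
  return hits;
}

// Constructed, unsigned sample token for demonstration only (alg "none").
function makeSampleToken(scp) {
  const header = base64UrlEncode(JSON.stringify({ alg: "none", typ: "JWT" }));
  const payload = base64UrlEncode(JSON.stringify({ aud: "https://graph.microsoft.com", scp }));
  return `${header}.${payload}.`;
}

// Minimal in-memory stand-in for window.sessionStorage so the example runs in Node.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return Array.from(this.map.keys())[i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
}

// Usage: a token with a whole-drive scope, stored the way the article warns about.
const demoToken = makeSampleToken("Files.Read.All openid profile");
const demoStorage = new MemoryStorage();
demoStorage.setItem("theme", "dark");
demoStorage.setItem("msal.accesstoken", demoToken);
console.log("broad scopes:", auditTokenScopes(demoToken).broad);
console.log("tokens in storage:", findTokensInStorage(demoStorage));
```

Run it against a real token only from a trusted context you control; decoding is for auditing what your own app was granted, not for trusting the token's contents without signature verification.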
Via The Hacker News
======================================================================
Link to news story:
https://www.techradar.com/pro/security/a-key-microsoft-onedrive-feature-has-a- worrying-security-flaw-which-could-expose-user-data
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)