Elastica is quickly making a name for itself in the cloud application security provider market.
Recently, Elastica found a vulnerability in the Salesforce platform that allowed nefarious parties to use a specific subdomain on Salesforce's platform (admin.salesforce.com) to send out emails as if they came from Salesforce itself. Elastica noted that hackers could use the flaw to send phishing emails to Salesforce customers, since the email itself would appear to come from Salesforce.
Upon notifying Salesforce of its findings, Elastica notes that Salesforce quickly rectified the issue. At this time, it is not believed that any Salesforce users were impacted by this potential security bug. The Salesforce blog wrote about Elastica's findings, calling it:
“A minor vulnerability impacting the blog site ‘admin.salesforce.com,’ which is not connected to the Salesforce application or customer data”
Elastica says that the vulnerability was first discovered in July. Earlier this week, Elastica was able to verify that Salesforce had successfully applied a patch to its system that mitigates the security concern. More specifically, Elastica says that the flaw was a cross-site scripting (XSS) issue: the site failed to filter input supplied by a remote user within an HTTP request before reflecting it back. If the attack had succeeded, hackers could have stolen a user's cookies, forced them to visit nefarious websites, or even launched malicious code on their machines.
“Although this particular flaw was only present in a Salesforce subdomain, exploiting the trust of the company’s primary domain could have allowed attackers to easily implement phishing attacks to gain access to user credentials,” says Aditya Sood, architect at Elastica’s Cloud Threat Labs.
“With stolen credentials, attackers can then access users’ accounts and exfiltrate sensitive data undetected for long periods of time,” mentions Sood.
Elastica wrote in a press release that it tells its clients they must take a multi-dimensional approach to securing their cloud-based services. Elastica also recommends using two-factor authentication wherever possible, in an effort to help mitigate these sorts of attacks.