Exposing Broken Access Control in Salesforce: How Public Aura Endpoints Leaked Sensitive Data

How I Discovered a Broken Access Control Vulnerability that Leaked Sensitive Data

Hello Folks

While exploring Salesforce deployments during a focused research session, I uncovered a significant misconfiguration that allowed unauthenticated access to internal Salesforce data through publicly exposed Aura endpoints.

This post is licensed under CC BY 4.0 by the author.